I work in identity and access management for a company with offices in the US, UK, and Singapore, and my manager suggested the CIMP. Before I commit 8-10 weeks to studying, I want to know how it's viewed internationally rather than just taking my manager's word for it.
The content covers identity governance, access control frameworks, and compliance standards - which maps pretty well to what I do daily. So the material itself isn't the concern, it's more whether the credential carries real weight outside North America at the senior IAM level.
From what I've found, the exam is around 100 questions with a 70% passing threshold. I'd plan on 90 minutes of study a day for about 6-7 weeks given my schedule. That feels right for the content volume, assuming I'm not also chasing a credential that nobody outside the US recognizes.
What I can't figure out is whether this is respected at the enterprise level or if it's still more of a checkbox cert that looks good on paper but doesn't move the needle in hiring decisions abroad.
Got mine last year and it opened up different interview conversations than CISM alone did. Enterprise IAM teams specifically seem to respond well to it - it signals specialization rather than just broad security credentials, which matters when the role is specifically identity-focused.
The governance and access control sections are the core of the exam. If you're doing that work daily, 6 weeks is plenty. The exam content felt closely aligned with real IAM practice compared to broader security certs that only graze the surface of identity.
It's recognized in Europe and APAC within the identity management space, but it's not in the same weight class as CISM or CISSP. Works best as a complement to one of those rather than a standalone credential if international recognition matters to you.
We require it for senior IAM roles at my UK-based company. It's been gaining traction steadily over the last 2-3 years. Still newer than the big security certs but I wouldn't call it a checkbox anymore - at least not in the IAM-specific hiring space.
I failed the first time and honestly it was because I underestimated the governance sections. I'd been doing IAM hands-on work for years so I figured the technical stuff would carry me, but the exam leans hard into policy frameworks and compliance concepts that don't come naturally if you've been heads-down in config all day. Second attempt I spent about three weeks doing nothing but scenario-based practice questions, specifically ones that forced me to think about why a policy decision gets made, not just what the decision is.
On the international recognition question, I can't speak to Singapore specifically, but I've had zero issues being taken seriously in UK hiring conversations with it on my CV. It's not CISSP-level name recognition but in IAM-focused roles people seem to know what it is. The content itself is solid enough that even if a hiring manager hasn't heard of it, you can explain what you studied and it holds up.
Related Discussions
- CCP exam — worth it for someone already in PR for 5 years?6 replies
- CCP exam prep — how deep does the physical science section actually go?6 replies
- CCP board exam - studying while working full perfusion shifts6 replies
- CCP exam - is it as clinical as the content outline makes it look?6 replies
- Going for GAF Master Elite certification — what's the process actually like?5 replies