This Certificate in Cyber Risk & Governance for Business is a 12-week, part-time standalone and stackable micro-credential comprising two integrated 5 ECTS modules: 1) Security Awareness for Organisations and Governance, and 2) Risk & Compliance. The course is funded by the Micro-credential Learner Fee Subsidy 2026 programme and fees are subsidised at 80% for all eligible learner categories.
The programme is designed to address the rapidly growing demand for professionals who can manage cybersecurity risk and regulatory compliance obligations within business settings, without requiring a technical ICT background. The introduction of the EU NIS2 Directive, the Digital Operational Resilience Act (DORA), and ongoing GDPR enforcement has created a significant new compliance burden for Irish organisations. Eurostat’s 2024 survey found that almost one in four Irish companies report difficulty recruiting cybersecurity-skilled staff, and the SOLAS Difficult-to-Fill Vacancies Survey (November 2025) confirms that cybersecurity and compliance roles remain among the hardest to fill nationally.
The programme equips participants with directly labour market relevant skills: the ability to assess organisational cyber risk, design security awareness programmes, interpret regulatory requirements (NIS2, DORA, GDPR), evaluate governance frameworks (ISO 27001, NIST CSF), and prepare compliance documentation and audit-readiness materials. These competencies are in immediate demand from employers across financial services, technology, healthcare, and the broader SME sector, where regulatory compliance is now a board-level concern.
This micro-credential has been developed with input from CCT’s Industry Engagement Forum (IEF). IEF consultation has identified a specific gap in governance and risk management skills among non-technical business professionals—the exact audience this programme targets. Industry partners in financial services and regulated sectors have confirmed strong demand for graduates who can bridge the gap between technical cybersecurity controls and business-level risk management and compliance reporting.
Demand for this programme is supported at both regional and national levels. Dublin hosts the European headquarters of major technology and financial services firms, all of which face NIS2 and DORA compliance obligations. Nationally, the EGFSN Skills Insights Note 2025-3 identifies governance and compliance as a shared European and Irish priority under the EU Union of Skills initiative. The National Skills Bulletin 2025 highlights ongoing shortages in ICT and business analysis roles that combine technical understanding with regulatory knowledge.
Target cohorts include business managers, compliance and legal professionals, HR and finance staff, SME owners managing digital risk, career changers entering the cybersecurity or GRC space, and employed individuals at all qualification levels seeking to upskill. The programme is inherently transversal, spanning cybersecurity awareness, organisational behaviour and culture, regulatory interpretation, risk assessment methodology, and business continuity planning.
This Certificate in Cyber Risk and Governance for Business course is scheduled to commence week of October 12th 2026*. This is an 11 week, part-time programme with contact hours delivered over evening and weekend schedule slots. This programme will lead to a QQI award at Level 7 of the NQF.
*Subject to validation by Quality and Qualifications Ireland (QQI)
This programme comprises two integrated modules.
This module overs the cyber threat landscape from a business perspective, social engineering and phishing attack vectors, password management and authentication, incident response awareness, security policy fundamentals, and designing and evaluating security awareness programmes for organisations.
This module covers risk identification and assessment methodologies, governance frameworks and standards (ISO 27001, NIST CSF), the EU regulatory landscape including NIS2, DORA, and GDPR, business continuity and disaster recovery planning, third-party and supply chain risk management, and compliance reporting and audit readiness.
For October 2026 the course will be offered on an evening/weekend blended learning basis. Typically learners will attend two evenings per week (online) plus 1-2 Saturdays (on campus).
All students will be introduced to the CCT online learning environment as part of the induction to the programme and will have access to further support as required.
Online activities can include live or pre-recorded lectures, independent learning and assessment activities such as research tasks, discussion forums, simulations, quizzes and e-portfolio work along with online group activities such as live classes, group project work, virtual labs and tutorials. Completing the online elements of the programme each week is essential to successfully complete the programme. On campus activities can include small group tutorials, labs, project supervision, problem solving case studies, library research and seminars.
Assessment is through a security awareness programme proposal (case study), a risk assessment and compliance report (scenario-based), and a governance framework evaluation.
Industry initiated real-world problems are used as the context for planning and designing assessment solutions, as well as being an aid for problem solving sessions. Summative assessment is a blend of integrated assessment and module specific assessment utilising both group and individual work, while formative assessment is pipelined into module delivery and feedback, so as not to add to the assessment burden of students.
Admission to this Certificate in Cyber Risk and Governance for Business is through one of the following:
Evidence of prior learning, including experiential learning,
or
Possession of an NFQ level 5 award, including leaving certificate, FET award, or equivalent.
In addition, all applicants must evidence competence in mathematics equivalent to O6 standard in leaving certificate and competence in the use of IT. Basic computer literacy is not sufficient for this programme.
International applicants whose first language isn’t English must demonstrate a minimum competency in the English
Language of CEFR B2+.
Applicants are encouraged to apply for entry based on prior learning (RPL) or prior experiential learning (RPEL) in line with the College policy. The College will thoroughly assess applications received through RPL and RPEL to ensure that candidates are able to evidence learning to an appropriate standard – normally the framework level equivalent to the direct entry qualification requirement and demonstrate potential to succeed and benefit from the programme.
Those who are in employment/working :
For eligible applicants who are currently in employment/working 80% of the tuition fees will be covered by the HEA through the Micro-Credential Learner Fee Subsidy (LFS) and the remaining 20% is payable by the student or their employer.
The Course Tuition Fee is €1050 so €210 euro is payable by the student or their employer
Those who are unemployed, formerly self-employed and ‘Returners’:
Th is Micro-credential course is also 80% funded for eligible applicants who are unemployed, formerly self-employed or who are classified by the HEA as ‘Returners’ or ‘Homemakers’.
Application for this Micro-Credential Certificate in Cyber Risk and Governance for Business should be made via the Springboard Courses Website
