SANS, CTIA and ISACA all offer certifications, although focused slightly differently.
SANS offers the GISF (GIAC Information Security Fundamentals) certification as a continuance of its introductory security course. This demonstrates a general understanding of information assurance. The thing about SANS that may be attractive is the additional set of courses and certifications available to the project manager to continue his/her learning and skills.
CTIA offers the Security+ certification, which is also highly regarded in the industry, and allows more flexibility in what background education the project manager would need to prepare for the certification test.
Finally, if the project manager needs to worry about the audit aspects of the systems/projects, then ISACA offers a few audit-centric certifications focusing on security.
ROI is hard to gauge because it all depends on what the IT project manager needs to do now and in the future. If all that's required is for him/her to get a broad idea of how to secure systems, then any of the certifications will provide a decent return.
This was first published in September 2008