Treat this much like any other request to the executive staff. So, rather than explaining that certifications aren't necessary, explain why this particular candidate is the best, in spite of not being certified. What is it that you like about this particular candidate, and why is he or she better than the others? Is it particular skills or experiences he or she has? Or is it the way the candidate handled him or herself in the interview? Does this person just seem like a better fit with the rest of the team?
Regardless of the answers, present why you think this person is the best candidate. If the executives are really hung up on the certification issue, you can always offer to help the candidate become certified within a certain period of time after he or she starts the job; that way, you can have your cake and eat it, too.
For more information:
Dig Deeper on Information security program management
Related Q&A from David Mortman
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ... Continue Reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security... Continue Reading
Learn when Social Security numbers can be used for patient identification without violating HIPAA patient confidentiality requirements. Continue Reading