SANS, CTIA and ISACA all offer certifications, although focused slightly differently.
SANS offers the GISF (GIAC Information Security Fundamentals) certification as a continuance of its introductory security course. This demonstrates a general understanding of information assurance. The thing about SANS that may be attractive is the additional set of courses and certifications available to the project manager to continue his/her learning and skills.
CTIA offers the Security+ certification, which is also highly regarded in the industry, and allows more flexibility in what background education the project manager would need to prepare for the certification test.
Finally, if the project manager needs to worry about the audit aspects of the systems/projects, then ISACA offers a few audit-centric certifications focusing on security.
ROI is hard to gauge because it all depends on what the IT project manager needs to do now and in the future. If all that's required is for him/her to get a broad idea of how to secure systems, then any of the certifications will provide a decent return.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading