An Ashling Team "What Is" Feature: IT Auditor
a.k.a.: Information Security Auditor, Information Systems Auditor, IA Auditor, and Security Auditor
About: An IT Auditor evaluates the business risk related to the security of an organization’s technological infrastructure by identifying issues with efficiency, risk management, and compliance. Upon uncovering vulnerabilities, this pro gets down to documenting, recommending “best practices,” and collaborating with management to determine appropriate remediation strategies.
Responsibilities (in most cases):
- Planning, executing and leading security audits
- Documenting, documenting, documenting!
- Analyzing security controls related to financial and information systems
- Evaluating efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
- Assessing exposures resulting from ineffective or non-existent control practices
- Interpreting audit results against defined criteria
- Partnering with management on “best practices” to improve security
- Collaborating with departments to improve security compliance and manage risk
- Ensuring security recommendations comply with company procedures
Requirements: 3-5 years of experience in general IT/security. And for senior/management level positions, 5+ years of auditing experience.
Education: Although not every company requires a degree, a relevant bachelor’s is an asset. Meanwhile, a master’s degree in Computer Science, Information Systems, or Cybersecurity turns heads.
Popular Certifications: CISA, CISM, CISSP
Steppingstone Roles: Often, those aspiring to be IT Auditors will have had experience in security administration, network administration, or system administration. However, information technologists also have a knowledge base that can easily be built upon for a segue into cybersecurity.
LATERAL Growth Opportunities:
- Security Specialist, Security Analyst, Security Engineer, Security Consultant
VERTICAL Growth Opportunities:
- Security Manager, IT Project Manager, Security Director, CISO
Ashling Team Insight
To truly differentiate yourself as a candidate for an IT Auditor role, ensure you have experience in auditing computer applications and information systems of varying complexity. Companies are also keen on professionals with an elevated technical skill set and an in-depth understanding of the COBIT framework.
Furthermore, your resume and/or profile should detail your experience with Enterprise Resource Planning Systems (ERP); your familiarity with data repositories and their risks; and your proficiency in key operating systems (Windows, UNIX/Linux), databases (SQL, Oracle) and security concepts (firewalls, public/private key encryption, VPN, etc.).
You will also want to emphasize your ability to communicate auditing, internal control, and other IT issues with all levels of management. Specifically, highlight your ability to ‘flex’ communications according to your audience.
The CISA and/or CISSP certifications are often required, so having multiple certs is invaluable.