What is an IT Auditor?

Jul 26, 2019

An Ashling Team "What Is" Feature: IT Auditor

a.k.a.: Information Security Auditor, Information Systems Auditor, IA Auditor, and Security Auditor

About: An IT Auditor evaluates the business risk related to the security of an organization’s technological infrastructure by identifying issues with efficiency, risk management, and compliance. Upon uncovering vulnerabilities, this pro gets down to documenting, recommending “best practices,” and collaborating with management to determine appropriate mediation strategies.


Responsibilities (in most cases):

  • Planning, executing and leading security audits
  • Documenting, documenting, documenting!
  • Analyzing security controls related to financial and information systems
  • Evaluating efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
  • Assessing exposures resulting from ineffective or non-existent control practices
  • Interpreting audit results against defined criteria
  • Partnering with management on “best practices” to improve security 
  • Collaborating with departments to improve security compliance and manage risk 
  • Ensuring security recommendations comply with company procedures

Requirements: 3-5 years of experience in general IT/security. And for senior/management level positions, 5+ years of auditing experience.


Education: Although not every company requires a degree, a relevant bachelor’s is an asset. Meanwhile, a master’s degree in Computer Science, Information Systems, or Cybersecurity turns heads.

Popular Certifications: CISA, CISM, CISSP

Steppingstone Roles: Often, those aspiring to be IT Auditors will have had experience in security administration, network administration, or system administration. However, information technologists also have a knowledge base that can easily be built upon for a segue into cybersecurity.

LATERAL Growth Opportunities:

  • Security Specialist
  • Security Analyst
  • Security Engineer
  • Security Consultant

VERTICAL Growth Opportunities:

  • Security Manager
  • IT Project Manager
  • Security Director
  • CISO

Ashling Team Insight

To truly differentiate yourself as a candidate for an IT Auditor role, ensure you have experience in auditing computer applications and information systems of varying complexity. Companies are also keen on professionals with an elevated technical skill set and an in-depth understanding of the COBIT framework.

Furthermore, your resume and/or profile should detail your experience with Enterprise Resource Planning Systems (ERP); your familiarity with data repositories and their risks; and your proficiency in key operating systems (Windows, UNIX/Linux), databases (SQL, Oracle) and security concepts (firewalls, public/private key encryption, VPN, etc.).

You will also want to emphasize your ability to communicate auditing, internal control, and other IT issues with all levels of management. Specifically, highlight your ability to ‘flex’ communications according to your audience.

The CISA and/or CISSP certifications are often required, so having multiple certs. is invaluable.
