In December 2013, a data breach at large retailer Target led to more than 70 million customers’ personal information being stolen by hackers. This was the first in a chain of highly publicized cyber-attacks on large businesses, which spurred an increasing number of companies to invest in information and network security professionals. “Today, advances in computer technology have changed the way data is stored, retrieved, and controlled, and as a result there’s been a dramatic increase in demand for the IT Audit professional,” says Lisa Samson, Director of ES Technology, a division of The Execu|Search Group. Companies are in search of the right IT professionals to effectively assess and monitor their business systems to avoid cyber breaches.
Therefore, if you’re a business-savvy IT professional who understands the relationship between technology and operational processes and how they allow organizations to run smoothly, you are an ideal candidate to pursue a career as an IT Auditor. According to Lisa, here are areas you need to focus on to pursue an IT Audit career.
Proven technical and compliance experience
As an IT Auditor, companies will rely on you to not only identify holes in business processes and procedures to ensure their systems are secure and operating correctly, but to also create solutions to manage constant industry changes. Some examples of IT roles that you can gain information and security experience include:
- Network Engineer
- Security Administrator
- Security Analyst
In fact, IT professionals that have demonstrated the ability to keep networks secure and ensure confidential information is safe, and are knowledgeable about some of the most important industry changes and governmental regulations affecting companies will excel in the interview stages. As a result, it’s important to stay abreast of industry news and how it pertains to your role. Some examples to be familiar with include the Sarbanes-Oxley Act, Health Insurance Portability and Accountability, or Control Objectives for Information and Related Technology.
Possessing the proper certifications
As the information and network security market evolves, employers will be in search of well-rounded IT candidates that possess the right certifications and can apply that knowledge to produce measurable results. In fact, according to Lisa, possessing the relevant certification(s) can help you get a leg up against your competition. “If you’ve gone through the proper training to attain certain certifications, companies will be better able to determine if you’re a good fit for the position because this distinguishes you as an IT professional.” Here are a number of certifications that you can pursue in order to enhance your technical and compliance skills:
- Certified Information Security Manager (CISM)
- Certificate in Accountancy Program (CAP)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Internal Auditor (CIA)
- Certified Authorization Professional (CAP)
- Certified Computer Professional (CCP)
- Certified Information Privacy Professional (CIPP)
- Certified Information Systems Security Professional (CISSP)
Strong Communication Skills
Along with experience and any of the certifications above, strong communication skills are another big area where IT Auditors must be able to demonstrate strength in. Throughout the application and interview process, employers may be interested in your ability to communicate with different departments at varying levels. Since you will need to be able to translate heavy technical jargon and processes into explanations that less tech-savvy professionals should be able to understand, this plays a major role in how effective you can be as an IT Audit professional.