IT Employment

General discussion


Ground Level Position in IT Auditing

By eddie_is_okay ·
Hi, I have over 6 years work experience as a IT Network System Admin/Support. I have been looking very closely at steering my career into more of a CISA/CISSP/IT Security Auditing direction.

Recently the internal auditing department where I work have an opening for an auditor/assistant working for the auditors there. To be very honest I don't know much about them. They all seem to be CA's and CGA's. They work on policies and procedures for my workplace.

I am considering applying for the position even though it might be a big step down and pay cut. But it sounds like a job that might be worth much more as far as relevant experience for pursuing my career goals.

Do you think I am right in my assumption or incorrect? Is IT Auditing very different than "tradiitonal" auditing?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by uofM In reply to Ground Level Position in ...

You say CISA/CISSP... but what exactly do you want to do in term of security? IT Auditing can be very broad. I work for a mgmt consulting firm that caters to the Federal government, and I perform technical audits. Basically look throught router/firewall logs and interview network/sys admins to make sure their operations/controls/policies are compliant with federal regulations. So for this, you really need to have a technical background (RACF, Cisco, IP etc..). However, my counter part actually is a PMP and he performs audits on policies and procedures (like you mentioned) to ensure business owners have the proper plans in place to conform to Federal/agency level regulations (i.e. FISMA).

I'm not sure what you mean by "traditional" audits.. unless you're refering to financial/legal audits that most corporations go through.

Collapse -

by eddie_is_okay In reply to

Thanks for that reply. I was worried no one knew what I was talking about. I was hoping to do something similar to what you do once I get more experience under my belt. Thats why I was looking at the CISA and CISSP. I have 6 years, but I still feel I need more. Every additional year of experience makes me much better at what I do.

I guess by "traditional" I mean financial and legal audits. I can't see this department doing anything else.

Basically, I have a technical background but not much else. I haven't done much as far as IT audits other than security scans. I also did a couple of policies up for my work area.

This position looks like a heavy administrative position providing support for the Auditing Director and his staff. I thought it might expose me to how auditing works. The systems and procedures of what is involved.

Collapse -

Appreciate your kind help

by sdhanraj In reply to

Hi uofM,

I am really trying to find an area in information technology that would endure
as a career. Your expertise is tied to the federal government and involves

Two necessary and well funded areas as of today.

Would you be kind enough to suggest how I should go about started in this area.
(eg. recourses to study books, courses etc.)

What areas would you think would find most useful for this.

I have my mcse NT and BS in biochemistry, healthcare experience, could buckle
down and finish my CCNA. I just got cruelly laid off from my hospital job
pending investigation. I'm sure that I will get my job back but this was a
tremendous wake up call and I don't to be at people's unscrupulous mercy.

Thank you kindly and I am located in NY Long Island.

Thanks kindly :-)

Collapse -

how did you get laid off?

by secure_lockdown In reply to Appreciate your kind help

what were the reasons?

Collapse -

how did you get laid off?

by secure_lockdown In reply to Appreciate your kind help

what were the reasons?

Related Discussions

Related Forums