IT Audit entrance point?

Provided the following situation:

I have two years experience as a programmer. Now I want to shift my career towards IT Audit and Security.
I have applied for CISA and CISSP exams on October and December 2005 respectively. Assume that I can pass both I may still need some experience in order to be certified.

The problems is:
CISA requires at least 2 years IS AUDIT experience, but companies normally hires people with 2-3 years audit experience. This forms a dead loop. Where can I obtain these 2 years experience after I finish the exam?

==================
http://www.bizcoin.com
Commercial and financial institutions, mortgage corps, stock broker firms…
Domain name now for sale on Sedo