| certifications | security - Bob Salmans
What Jobs Can I Get as a CISA?
When I first sat for the Certified Information Systems Auditor (CISA) in 2015, it required that I travel 6 hours to one of the testing sites and fill out a bubble-type answer sheet with a #2 pencil. There were probably 200 other test takers present — all for this exam. It reminded me of sitting for the SATs. It was very strange because I was accustomed to taking online certification exams at a testing center where I was very often the only test taker.
One of the things that most surprised me about the experience was the number of accountants who were sitting for the exam. I asked one of them why they were sitting for an IT-related exam, and it was explained to me that in the financial industry they audit businesses every day. They could just as easily audit for information security compliance with the training provided by the CISA program. I found this to be very interesting, as I had never thought of someone outside of IT performing IT-based audits.
Who Should Take the CISA?
So now you may be asking yourself, other than auditors, who might be interested in the CISA certification. The answer comes by looking at the heart of the content of the certification curriculum which is dealing with risk and compliance. That being said, any position that is known for managing risk and compliance is a good fit for the CISA certification.
So other than an IT auditor, some of these jobs are:
Compliance Analyst/Program Manager: These positions mainly deal with compliance programs and ensuring organizations maintain compliance with programs such as PCI-DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and GDPR (General Data Protection Regulation). There are several aspects to compliance. It requires attention to detail as there is much paperwork to be generated and reviewed to ensure policies and procedures to support the compliance requirements.
Risk Analyst/Program Manager: Any risk-based position works to identify and reduce risk. These positions are responsible for observing business processes in order to identify areas of potential risk and then provide solutions for addressing the risk to minimize its possible impact on the organization.
Data Protection Manager: Data protection roles focus on identifying sensitive data and verifying adequate controls are in place to protect that data. This requires working with data owners to locate sensitive data and then verifying controls are in place and functional. The data protection personnel are also responsible for ensuring data is being handled and protected in compliance with applicable data protection laws.
Security Officer / Security Manager (CISO/ISSO/ISSM): Finally, we have the security officer or manager who oversees the security of an organization at some level and provides guidance. These roles are more generalized as they oversee all of the security practices. It's because of this generalization that the CISA certification would be helpful to people in these roles. The CISA certification brings a breadth of new knowledge pertaining to the auditing of risk and compliance to ensure practices and processes are in fact being followed by the persons working for them.
There is one more group of individuals who would benefit from the CISA certification. That's anyone providing information assurance functions with access to the US Department of Defense (DoD) information systems. This group includes military members, DoD employees and contractors, and other federal organization employees. This is because the DoD requires information technology personnel to meet certain requirements outlined in the DoD 8570 and DoD 8140, which includes the CISA certification as one of the available options.
You Should Take the CISA
If you fall into any of these job roles or categories the CISA certification may be a great option for you to further your information security skill set. One thing is for sure though, and that’s the fact that information security is here to stay and compliance and risk management is on an upward trend and will continue to be a necessary skill set in the industry.