Best certifications for IT Auditor with no other IT experience?

reawtf234reawtf234 Member Posts: 1 ■□□□□□□□□□
I have been an Internal IT Auditor (Senior, Manager, and now Director) for almost 10 years, spending a lot of time with SOX ITGCs. I got my CISA a long time ago, now I am looking for another certification to make me more marketable, but it looks like a lot of them require some experience in areas other than audit. For example, CISM requires direct experience in Security. 
It looks like my best option is CISSP assuming I am allowed to claim that my experience as an IT Auditor spans more than one of their domains. Any other IT Auditors have success with this?
Are there other popular certifications out there for IT Audit leaders?
Thanks in advance for your help.


  • Options
    AzazelloAzazello Member Posts: 18 ■■■□□□□□□□
    ISO/IEC 27001 Lead Auditor — Information Security Management

    With your experience, you'll have no problem acquiring that.
  • Options
    scascscasc Member Posts: 462 ■■■■■■■□□□
    This really depends on interest as you work at director level already.

    If you want to learn more about technical security auditing, SANS GSNA is a great programme. ISACA have also brought out a Cyber Security Auditing Cert too. If you want to develop more all round security skills to compliment your audit knowledge  - perhaps something like Security +, CISSP would be good. With CISSP, you can leverage your risk/audit/compliance background to obtain the necessary pre-req.

    Alternatively, if you want to learn basic ethical hacking skills to compliment how to ascertain gaps to controls/weaknesses in control procedures etc. this can also help (e.g. CEH). What are you really interested in learning about? 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Sign In or Register to comment.