Interview cisa/cism

craig009 ITIL V3, QA-CTFL, BSc. ITIL, CFTL, SEC+501, CISM Member Posts: 51

Please, what are likely interview questions for CISM or CISA jobs for entry level?

Any videos to get acquainted with what the daily job of an auditor (CISA) or CISM looks like?

Answers

  • balance Member Posts: 210
    Those are not entry-level certifications.

    No one can tell you why you went and/or are going after a certification. That is all personal.
  • scasc Member Posts: 377
    Agreed - the certs mentioned are for people with detailed experience and it is expected that whoever attains these will know exactly what they encounter on a day-to-day basis. If you don't know what the day-to-day tasks are then best to look it up to see what a junior auditor does, for example.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GDSA, GCSA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • E Double U Member Posts: 1,853
    edited January 19
    Likely interview questions are based on what the job requirements are which can vary by organization even when the job title and requested certifications are the same. You can go to the ISACA website to read the knowledge those credential holders should hold, but that will not tell you what you will be asked on a job interview. That applies to any certification in my opinion. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, and more.

    2021 goals: AZ-303, AZ-304, maybe TOGAF and more ISACA

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,082 Admin
    You can search job postings containing "CISA" and "CISM" and see what qualifications the hiring managers are asking for. This will give you an idea of what types of questions you might be asked in interviews for those jobs. If you see any entry-level jobs asking for these certs then the hiring managers (or HR) have no idea that these certs are only for people with prior experience as an IT auditor or InfoSec team manager.

  • craig009 ITIL V3, QA-CTFL, BSc. ITIL, CFTL, SEC+501, CISM Member Posts: 51
    Thanks everyone,
    I have been an IT risk analyst for 5 years, working in both auditing and governance. I have also worked with a 3rd-party vendor on behalf of my company, but saw an opening in one of the branches I work with, and their requirement is 8 years of experience and a certification in CISM, which I just passed last year.
    That's why I am here to ask experts if there's any preliminary advice.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,082 Admin
    craig009 said:
    That's why I am here to ask experts if there's any preliminary advice.

    Advice specifically for what? For what kinds of questions you might be asked in an interview for an IT auditor or InfoSec team manager position?
  • craig009 ITIL V3, QA-CTFL, BSc. ITIL, CFTL, SEC+501, CISM Member Posts: 51
    I was speaking to my manager and he said there's no way I can get it because they will be looking for someone with no less than 8 to 10 years of experience.
    I thought having worked for the company for 5 years as an IT Risk analyst/Auditor, and also worked in the capacity dealing with 3rd-party contractors, this would form a good standing, and with the experiences as an auditor. This might help.
    Though I have applied for the managerial role and been shortlisted for the interview, it is my first managerial role.
    I hope this conveys exactly what my question was all about.

  • E Double U Member Posts: 1,853
    craig009 said:
    I was speaking to my manager and he said there's no way I can get it

    Hopefully you are the type of person to ignore things like this.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,082 Admin
    craig009 said:
    I was speaking to my manager and he said there's no way I can get it because they will be looking for someone with no less than 8 to 10 years of experience.

    Talk with your HR representative, the internal recruiter, and (if possible) the hiring manager. If none of them have an administrative reason why you can't apply for the position then apply. Your manager is NOT involved in this hiring process and probably prefers that you not inconvenience him/her by moving to a new situation. If your manager attempts to block you from interviewing, talk with your HR rep about it. You may not get the job, but you will at least get some experience in a managerial position interview and finding out from the interviewer(s) why they turned you down.

  • balance Member Posts: 210
    Like others have said, maybe you don't get picked up for the position. However, that does not mean you cannot gain value from applying and interviewing. If nothing else it allows you to keep your interview skills sharp and practice your value pitch. I did not make it through several AVP interviews but I enjoyed interviewing for them and learned a lot during the process.

    If possible give it a shot and enjoy the process. 
  • scasc Member Posts: 377
    @craig009 - totally ignore what your manager has said because, as mentioned above, he/she may have other motives. They would not have called you if they felt you could not do the role. In fact, with experience you will realise that you should keep your cards close to your chest and only disclose your intentions at the right time. Go for the interview, show why you can do the role and how your experience has harnessed your expertise. To be honest, even in other walks of life such as your hobbies, show how you have led teams (for example football captain - or in US lingo Soccer captain) etc.

    From my take on this you have done the fieldwork in respect to your risk/audit work (sampling, testing controls, writing working papers, collecting evidence, articulating gaps/risk, failures etc etc). They probably need someone to lead engagements/manage timelines/budgets allocated and present key results to senior management and audit committee if there is one. So think about how you can go about articulating risk to SM and what impact this has.