CISA - Certified Information Systems Auditor

pipemajorpipemajor Member Posts: 65 ■■□□□□□□□□
I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

And yes, I'm currently unemployed. icon_cry.gif

Comments

  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    The CISA is a tough cert to get because of the experience which you're mentioning. I work with three CISAs and combined they have 20-30 years of IT audit experience. I do IT audits but I've only been here for a year. For me to be able to get a CISA (even though I actually DO audits) I'd have to be here another four years or find another job over the next four that lets me continue to do audits.

    I talked to one of our CISAs and he said that you don't necessarily need 5 years of experience in auditing - if you have experience in other domains it may count for the experience. check their experience requirements again.

    ALSO, you can take the CISA exam without getting the actual cert. This will allow you to tell employers that you have passed the CISA, you just do not meet the experience requirements. However, with your time in the field of IT you probably meet the experience requirements anyway.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    [email protected]
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I wanted to take this test because I was doing auditing half of the time at my current job of five years. Pretty much the audits were technical and administrative in nature. Only problem for me is my job situation changed and the test is only offered twice a year. I would have had to pay by Sept 24th to take the December one which I was not sure if I could allocate study time if I got a new job soon.
  • GAngelGAngel Member Posts: 708
    pipemajor wrote: »
    I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

    The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

    And yes, I'm currently unemployed. icon_cry.gif

    If i were you i'd sign up for the exam it seems like you more than meet the criteria. The requirements page lists what you can use and frankly most It managers would qualify.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,251 Mod
    pipemajor wrote: »
    I'd like to become one. I have 30+ years IT experience dating all the way back to legacy mainframe environments, have BBA/MBA degrees from solid brick 'n mortar institutions but can't get my foot in the door.

    The CISA requires an exam AND five years proven IT Audit experience. Seems like a Catch 22 since I can't get any experience as an IT Auditor without first having the CISA. I was even an IT manager for a company who did various audit work once.

    And yes, I'm currently unemployed. icon_cry.gif

    I feel that you can get your experience credited even if it's not directly related to Auditing, specially that you managed teams of auditors, best way is to ask the test organization itself.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • eMeSeMeS Member Posts: 1,875
    Personally I question the marketability of ISACA's certifications. It could be because I spend my time mostly doing other things, but I've yet to see anything come across my desk that required a CISA. I'm not sure that I'd be looking at the CISA as the ticket out of unemployment.

    Based on what you've told us about your background, you can likely substitute some of what you've done for some of the direct audit experience requirements.

    As others have said, "audit experience" is fairly broad. There are many ways to achieve this, and you've likely hit some of it. The other key factor is that the experience has to have been obtained in the 10-year period preceding the application date.

    I'm more inclined to get any certification as a way to take official credit for the work that I've done, as opposed to earning the credential to get the work. The CISA is no different. My specific experience was direct management of an organization's SAS 70 response, and setting up and managing internal audit programs to meet ISO/IEC 20000 requirements. I have other audit experience as well, but you don't have to list everything...only what meets the requirements.

    I have mixed feelings about the exam. It wasn't really that tough, but it was difficult to study for. When I took it I really hadn't had much time to study, and so I wasn't sure how I did on it. The one thing that I can really say is that the exam is long....if I remember correctly it was 200 questions on a Saturday morning. At some point I felt as if I was just going through the motions. I would rank it as mildly harder than the PMP, but much less difficult than many of the technical exams that people at this site mostly take.

    You might also consider the CIA certification, here's a link to that: Certified Internal Auditor - The Institute of Internal Auditors

    Aside from auditing, the place that I would probably be looking at the moment for the next (1-2 years) hot high-level certification is the CBAP. More information at http://www.theiiba.org/AM/Template.cfm?Section=Certification&Template=/CM/HTMLDisplay.cfm&ContentID=4688 .

    MS
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,736 ■■■■■■■■■■
    Funny that you say that. I just did a Monster search out of curiosity about what you said. I found 16 pages of jobs listing the CISA as either a requirement or something they would like to see on your resume.
    Currently working on: Linux and Python
  • eMeSeMeS Member Posts: 1,875
    Funny that you say that. I just did a Monster search out of curiosity about what you said. I found 16 pages of jobs listing the CISA as either a requirement or something they would like to see on your resume.

    I did the same search...looks like it was mostly recruiters and agencies that posted out there.

    My work comes directly from customers, so looking on Monster or some other job board for full-time or contract-to-full-time work at a much lower rate than I'm willing to work isn't an option.

    MS
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,736 ■■■■■■■■■■
    eMeS wrote: »
    My work comes directly from customers, so looking on Monster or some other job board for full-time or contract-to-full-time work at a much lower rate than I'm willing to work isn't an option.

    MS

    Gotcha! I was wondering why you would say that.
    Currently working on: Linux and Python
  • eMeSeMeS Member Posts: 1,875
    Gotcha! I was wondering why you would say that.

    No worries...I know a ton of people that do different audit jobs full-time in companies. A few of them have a CISA or a CIA, but it's a small percentage of the total population.

    I just don't equate "marketable" as necessarily equal to what staffing agencies and recruiters say they want.

    MS
Sign In or Register to comment.