Interview - IT Auditor

Keener

I have an interview for an IT Auditor on Wednesday. I have never worked in this arena before. They are looking for an IT Auditor/Sr. Auditor (doe). They want people that either have the CISA (which I do not) or who would like to get it. After looking more into CISA, what it encompasses and the areas it can lead to, my interest became very high. Through waivers and other experience I would qualify for the credentials in about as much time as it would take for me to study and pass the exam in September or December.

I passed the initial phone screen with the internal recruiter about 2 weeks ago. I now have a face to face with the same recruiter and the hiring manager tomorrow. As mentioned above, I do not have any "true" experience in auditing so I am not sure what kind of questions to expect in the interview. To clarify, I'm looking for questions specific to an auditing role.

Thanks in advance, everyone!

dmoore44

When I interviewed for an auditor position, I was asked security configuration questions. Stuff regarding SNMP, if I knew what certain protocols were (and pertinent questions about them), if I knew what certain tools were (and if I knew how to use them), opinions regarding policies, etc... Stuff like that. See if you can glean that type of info from the job description and study up!

GoodBishop

Keener wrote: »

I have an interview for an IT Auditor on Wednesday. I have never worked in this arena before. They are looking for an IT Auditor/Sr. Auditor (doe). They want people that either have the CISA (which I do not) or who would like to get it. After looking more into CISA, what it encompasses and the areas it can lead to, my interest became very high. Through waivers and other experience I would qualify for the credentials in about as much time as it would take for me to study and pass the exam in September or December.

I passed the initial phone screen with the internal recruiter about 2 weeks ago. I now have a face to face with the same recruiter and the hiring manager tomorrow. As mentioned above, I do not have any "true" experience in auditing so I am not sure what kind of questions to expect in the interview. To clarify, I'm looking for questions specific to an auditing role.

Thanks in advance, everyone!

I would suggest going over to ISACA's page and clicking on Knowledge Center, and take a look at some of the material there. They will look for folks who pay attention to detail, who have knowledge about IT systems (Windows, UNIX, networking, Oracle, etc...), as well as best practices too - password parameters, access control, making recommendations, that sort of stuff.

I would also recommend familiarizing yourself with being able to explain your background, what you've done, and if you have done any audit work before, or have worked on remediating audit findings.

Finally, go in with a positive "can-do" attitude, as well as be able to explain why you want the job, and why it would be a great fit for you, as well as explain what value you will be bringing to the company.

Good luck! Let us know how you do.

Keener

Awesome info! I definitely appreciate it. I have the info sec bug and a lot of the basic knowledge. I will keep y'all updated afterwards.

Keener

I had the interview yesterday. Overall, things were great. However, after going over my long term goals, we both mutually agreed this was probably not the best path for me to take in my career. This position was more for application security auditing versus network/systems security auditing. She has others on her team with the CISSP and they do not get to use it very much.

On the huge plus side, she believes that the Security team will be opening up some new positions in the relatively near future. The hiring manager is going to type up her notes and forward my resume over the director of that department and recommend that he take a look at me. I've already had a pre-screen phone interview and a face to face with one of the internal recruiters. I'm sure that a recommendation from another hiring manager after a face to face will carry some extra weight!

Here's to great things to come!

GoodBishop

Keener wrote: »

I had the interview yesterday. Overall, things were great. However, after going over my long term goals, we both mutually agreed this was probably not the best path for me to take in my career. This position was more for application security auditing versus network/systems security auditing. She has others on her team with the CISSP and they do not get to use it very much.

On the huge plus side, she believes that the Security team will be opening up some new positions in the relatively near future. The hiring manager is going to type up her notes and forward my resume over the director of that department and recommend that he take a look at me. I've already had a pre-screen phone interview and a face to face with one of the internal recruiters. I'm sure that a recommendation from another hiring manager after a face to face will carry some extra weight!

Here's to great things to come!

Well done!

RoyalRaven

Good job on getting info on another lead at the same place. Might be all that it takes to get in.

I would highly recommend joining a local ISACA chapter after reading your postings. You'll have incredible networking opportunities with like-minded individuals, plus you'll get exposure to areas you were considering. I've been in a local chapter for many years now and I learn new things at each meeting/event I attend. It definately helped me understand what the audit landscape looks like and what it takes to work in audit-based roles.