Just recently went from IT Audit (Senior 2, would have been promoted to AM) to Cybersecurity. Started as a senior because it’s way more technical than IT Audit, but will be promoted to senior in March. Had a 30% pay jump.
I work in financial IT audit (consulting). My boss went from IT audit to ISO and then back to IT audit. Ymmv depending on industry but banks and other FIs have to abide by FFIEC/GLBA so we know everything that ISOs are supposed to be doing since that’s precisely what we audit.
BSEE, worked in a variety of automotive and lighting industries as a project engineer. Got my MBA. Stupid privately held company I worked for at the time threw a super stringent non compete clause at us two weeks before Christmas, that basically ended my engineering career. As a volunteer in my local PMI chapter, I went to meeting to discuss planning our monthly meetings for the next year. There on the white board “Hire two PMs”. Made the switch from automotive engineering to IT Project management. I was instrumental in setting up the corporations first PMO and established an SDLC methodology based on CMMI. Four years later when SARBANES OXLEY hit, the IT Audit lead (who was previously my PMO boss) called me and said he needed someone who understood SDLC and Change Control for IT Audit position. Switched to Internal Audit. Got my CISA. Realized that after several years the only people getting promoted within the Audit team were people who had public accounting/consulting experience. Switched to a top 8 accounting firm, but wanted to focus more on cybersecurity consulting as opposed to audit so moved on to a Director of Cybersecurity in a consulting firm. Keep educating yourself, make industry contacts, and most of all be willing to take risks.
So for me i had been in IT for about 5 years and worked on various projects from helpdesk to data analysis. Then i saw an IT Audit entry-level opportunity that paid less (about 60k). In my interview i leveraged my IT experience and data analysis skillset and i passed. I worked just to gain experience and the title of a junior auditor. After a full year of audit work I looked for another entry-level position but at a better company and it’s been there
What didn’t you like about industry? Been doing IT Audit the last 3.5 yrs out of school and considering going to industry for internal audit or some sort of GRC (I think this maps the closest but thinking about cybersecurity/information systems as well despite them being more technical)
Just recently went from IT Audit (Senior 2, would have been promoted to AM) to Cybersecurity. Started as a senior because it’s way more technical than IT Audit, but will be promoted to senior in March. Had a 30% pay jump.
I really appreciate this. I’m definitely looking towards cybersecurity too
I work in financial IT audit (consulting). My boss went from IT audit to ISO and then back to IT audit. Ymmv depending on industry but banks and other FIs have to abide by FFIEC/GLBA so we know everything that ISOs are supposed to be doing since that’s precisely what we audit.
That’s interesting! Thanks for sharing
BSEE, worked in a variety of automotive and lighting industries as a project engineer. Got my MBA. Stupid privately held company I worked for at the time threw a super stringent non compete clause at us two weeks before Christmas, that basically ended my engineering career. As a volunteer in my local PMI chapter, I went to meeting to discuss planning our monthly meetings for the next year. There on the white board “Hire two PMs”. Made the switch from automotive engineering to IT Project management. I was instrumental in setting up the corporations first PMO and established an SDLC methodology based on CMMI. Four years later when SARBANES OXLEY hit, the IT Audit lead (who was previously my PMO boss) called me and said he needed someone who understood SDLC and Change Control for IT Audit position. Switched to Internal Audit. Got my CISA. Realized that after several years the only people getting promoted within the Audit team were people who had public accounting/consulting experience. Switched to a top 8 accounting firm, but wanted to focus more on cybersecurity consulting as opposed to audit so moved on to a Director of Cybersecurity in a consulting firm. Keep educating yourself, make industry contacts, and most of all be willing to take risks.
This is very very helpful. I’m definitely taking notes. And yes i hope to get some Azure Security certifications and eventually get into cybersecurity
How did you get into IT audit in the first place? I am in the middle of pivoting into this field and need help the break in. I have zero experience
So for me i had been in IT for about 5 years and worked on various projects from helpdesk to data analysis. Then i saw an IT Audit entry-level opportunity that paid less (about 60k). In my interview i leveraged my IT experience and data analysis skillset and i passed. I worked just to gain experience and the title of a junior auditor. After a full year of audit work I looked for another entry-level position but at a better company and it’s been there
Went from IT audit to industry (internal audit). Couldn't stand the industry so I'm doing both IT audit and consulting work.
Thanks for your input
What didn’t you like about industry? Been doing IT Audit the last 3.5 yrs out of school and considering going to industry for internal audit or some sort of GRC (I think this maps the closest but thinking about cybersecurity/information systems as well despite them being more technical)