Need help deciding what you want to be when you grow up? Check out the rest of our posts on credentials for accountants.
If you’re really into internal audits and information systems, want to make decent money and never want to worry about having to find a job, you may want to look into the CISA.
None that we know of, beyond what you’d need to secure a job in the field to gain required professional experience.
CISA candidates must have 5 years of relevant experience in IS auditing, control or security work and adhere to the ISACA Code of Professional Ethics. Experience must be obtained in the 10 years before taking the exam.
The exam is administered twice a year (June and December) and candidates must register no less than two months before the exam date. The exam is made up of 200 multiple choice questions that must be answered within 4 hours. The score is graded from 200 – 800 points and a CISA candidate must score at least 450 points to pass. It covers the following areas:
IS Audit Process (10%)
IT Governance (15%)
Systems and Infrastructure Lifecycle Management (16% of Exam)
IT Service Delivery and Support (14%)
Business Continuity and Disaster Recovery (14%)
The Information Systems Audit and Control Association (ISACA) sets the standards of and administers the CISA examination.
PayScale has some interesting figures on compensation for those with the CISA and we have to say, it’s one of the more lucrative credentials we’ve covered thus far. Interestingly, GT pays its CISAs far better than P-Dubs.
|Firm|Salary range|
|---|---|
|Deloitte|$59,942 – $86,500|
|Ernst & Young|$60,737 – $90,757|
|KPMG|$70,736 – $111,331|
|PricewaterhouseCoopers|$58,448 – $97,657|
|Grant Thornton|$56,500 – $143,400|
IS Auditors make between $60,047 and $82,842, while IS Audit Managers can make up to $108,226. The money is good if you’re willing to put in the hours and pass a little more than half of the exam.
BlackRock is looking for an experienced auditor who is familiar with testing of SAS 70 and Sarbanes-Oxley technology controls.
The position requires 9 years of experience with a Big 4 firm and professional certifications (e.g. CPA, CISA). The position also requires approximately 20% travel.
Check out the details for this position, based in New York, after the jump.
Title: IT Internal Audit Manager
Location: New York, NY
Experience Required: 9 years
Description: The candidate will supervise one to two staff and will work closely with other internal auditors in executing the global integrated internal audit plan. The candidate will report to the Director of Internal Audit IT, who reports to the Global Head of Internal Audit. BlackRock’s internal audit group is comprised of approximately 40 professionals based principally in New York, San Francisco and London, with additional personnel in Edinburgh, Tokyo and Hong Kong.
Responsibilities: More than 9 years experience in the fields of information technology audit, information security and technology risk management; Strong experience auditing operating systems, databases, networks, and technology operations; Experience working within a risk based internal audit function executing audit planning, fieldwork and report writing; A good understanding of information technology, technology risks and emerging technologies; A good understanding of information technology best practice disciplines and frameworks such as CoBIT, ITIL and COSO; Experience managing small teams of skilled professionals and building strong trusted relationships with senior IT and business management.
Qualifications: Experience of auditing Unix, Linux, Sybase, Oracle, MSSQL and Windows; Experience working in a global financial services firm, and a good understanding of the asset management industry and regulatory environment; A “Big 4” background and experience of SAS70 and SOX technology controls testing; Experience working in a non-audit role such as information security or technology operations; Professional certifications such as: CPA, CISA, CISM, CISSP, GSNA, CGEIT, CRISC; Additional technical knowledge, e.g. attack and penetration techniques, security configuration audit tools and techniques, development tools and languages, data modeling and data management techniques.