Experienced IT and Cyber Network Systems Manager transitioning in a few months. Interested in pursuing a career as an IT Security Auditor. Looking to gain additional information about the profession, as well as any additional skills or certifications I may need.
Semper Fi!
Answers
Many healthcare organizations are relying on technology to record things like patient medical records and their billing records, as well as business oriented records like accounting and payroll. This reliance on tech leaves these organizations vulnerable because hackers can find a way into the organization’s database and access these important files.
This is such a problem that 50% of data breaches are caused by criminals and one of these breaches could cost over $2.2 million to fix! So, it’s safe to say that there will always be a demand for an IT Security Auditor. More info on data breaches can be found here: https://cahsonline.uc.edu/resources/him/infographics/building-up-hospitals-immunity-to-cyber-security-breaches/
To become an IT Security Auditor, you’ll need to have at least a bachelor’s degree in Computer Science, Cyber Security, or a technical field related to the career. Fortunately, this is fairly easy to obtain – especially since many universities, like Norwich University, offer accredited online courses: https://online.norwich.edu/degree-programs/masters/information-security-assurance/overview
Skills you should have before applying to this position will vary, but ideally you should have a working knowledge of:
· Regulatory and industry data security standards (e.g. FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA)
· ISO 27001/27002, ITIL and COBIT frameworks
· Windows, UNIX and Linux operating systems
· MSSQL and ORACLE databases
· C, C++, C#, Java and/or PHP programming languages
· ACL, IDEA and/or similar software programs for data analysis
· Fidelis, ArcSight, Niksun, Websense, ProofPoint, BlueCoat and/or similar auditing and network defense tools
· Firewall and intrusion detection/prevention protocols
In terms of experience, this is a mid-level role; therefore, most employees are expected to have 3 to 6 years of experience working in the IT field. Once you do become an IT Security Auditor, you can expect to earn between $64,000 and $74,000 to start. Source: https://www.glassdoor.com/Salaries/it-security-auditor-salary-SRCH_KO0,19.htm
If maybe down the road you’d like to try for a Senior Security Auditor, you’ll need to have at least 5 years of experience. So while it may take some time to get there, you can expect to make anywhere from $95,000 to as much as $159,000. Of course, it is worth noting that the salary will depend on the company.
You may enjoy better recognition through this program:
http://www.umuc.edu/academic-programs/cyber-security/index.cfm
Check salary guides here:
You can check out this list put together by the NIST:
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content
Hi. I would suggest you look into CISA certification and programs that have internships/relationships with companies that will let you gain some experience in IT security. SANS also has a few certification programs which are good.
Before venturing off, realize that IT security is a huge domain and that you can be a generalist or a specialist. Do some homework and figure out what you like and what has the best prospects.
Feel free to reach out to me if you have any questions.
Best
Claudio