Figuring Out ISACA Certifications for Cybersecurity Careers: ② CISA
In this second piece of the “Figuring Out ISACA Certifications for Cybersecurity Careers” series, I’m introducing the Certified Information Systems Auditor (CISA) certificate. You can skip towards the end for more information on salaries you can earn with CISA.
ISACA (Information Systems Audit and Control Association®) is one of the world’s leading education and certification centers for IT professions, including cybersecurity. Started in 1967 by a small group of individuals, ISACA has become a “… centralized source of information and guidance in computer systems as well as an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.” Accepted widely across sectors, ISACA offers a myriad of education programs in addition to powerful certificates.
Here are eight cybersecurity certificates offered by ISACA, with some of the certifications being cumulative ‘composites’ of several certificates:
- Information Technology Certified Associate (ITCA)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Data Privacy Solutions Engineer (CDPSE)
- Certified in Governance of Enterprise IT (CGEIT)
- CSX Cybersecurity Practitioner (CSX-P)
- Certified in Emerging Technology (CET)
Let’s take a look at the second certificate on the list: Certified Information Systems Auditor (CISA). According to the information provided by ISACA, the CISA is mostly for entry-level to mid-career professionals: IT professionals who are looking into entry to mid-level positions, IT and internal auditors who have to audit for information security compliance, and professionals in any role that is engaged in risk and compliance. CISA is very useful for showcasing expertise in a risk-based approach to planning, executing and reporting on audit tasks.
Having CISA on your CV will grant immense credibility in your interactions with internal stakeholders, regulators, external auditors, and customers. However, unlike ITCA, CISA has an experience requirement. The applicant is expected to have five years of experience in professional information systems auditing, control or security work. Making the effort to get the CISA is meaningful if you are aiming to become any of the following:
- Risk Analyst/Program Manager (Average annual US base salary in 2022: $154,768)
- IT Consultant (Average annual US base salary in 2022: $123,720)
- IT Auditor (Average annual US base salary in 2022: $100,063)
- Compliance Analyst/Program Manager (Average annual US base salary in 2022: $86,163)
- Data Protection Manager (Average annual US base salary in 2022: $67,847)
- Security Officer/Security Manager (Average annual US base salary in 2022: $62,794)
The training for the certificate is completely knowledge-based, without any hands-on lab-based training, so the process can be done entirely online. Since early to mid-career IT professionals can easily get started, and the certificate can bring a nice bump in annual salary along with potential career switches, CISA is worth pursuing for many of us interested in cybersecurity careers.
Source: History of ISACA, ISACA Credentialing, Glassdoor, Payscale, Indeed