When thinking about the recruiting landscape for 2016, my first thought is that it all depends on which side of the interview you are on. 2015 has shown the strongest demand for skillsets that ISACA members have (IT audit, governance, security and risk) that we have seen since 2005-2007, during the first years of Sarbanes-Oxley Act (SOX) compliance. Currently, conditions are extremely tough for hiring managers who are trying to lure top talent to their teams, and I do not expect this to change anytime soon.
Why the talent shortage? IT audit, governance, security and risk skillsets are an increasingly bright spot on the radar of organizational leaders. This is partly due to increasing regulatory and compliance requirements and high-profile data breaches, but also because of years of efforts to transform IT audit from a “necessary evil” to a value center.
Because of the increased understanding of the value IT risk and controls professionals provide, there has been a significant uptick in non-audit positions since 2012—especially IT risk and compliance roles. These “second line of defense” roles were gaining traction in 2007-2008, but funding in this space tightened (or just plain vanished) during the recession in the US. Now, in a steadily improving economy, budgets for these roles have replenished and the resulting demand has stretched a thin talent pool even thinner by recruiting heavily from IT audit groups.
Another factor is that some of the primary talent generators in our field, the “Big 4” and similar client service firms, made deep staffing cuts during the recession and also dramatically reduced hiring off college campuses from 2009-2012.
These factors have created rosy conditions for most IT professionals seeking new opportunities. Barring a significant global political or economic disturbance, I expect the strong demand in our space to extend at least through 2016.
I am often asked, “What are the top skills in demand?” That is a difficult question to answer for a constituency as diverse as ISACA’s, for example, which covers many disciplines in the IT controls world, ranging from the deeply technical to more general relationship management roles. Cyber security is the word on almost everyone’s lips right now. You can question whether or not cyber security is “new” or just the next iteration of complexity in technology assurance, but regardless, rebranding your skillset toward cyber security activities is a sound career strategy in the near term.
In the long term, whether you are focused on IT audit, governance, risk, compliance, or security, your success will depend on aptitude, attitude, and altitude. By aptitude, I mean your ability to continually learn and adapt quickly to technology and business developments in an increasingly complex and competitive business climate. By attitude, I mean approaching your work with dedication, resilience, optimism and empathy. By altitude, I mean seeing IT risks from the viewpoint of the C-suite, and communicating the impact of risks in business language to a variety of stakeholders.
So, how do you position yourself for continued success in 2016? You have heard the saying, “if it ain’t broke, don’t fix it.” I say, “if it ain’t broke, do preventative maintenance.” Each of you probably knows at least one professional who learned a painful lesson during the recession. Many faced involuntarily unemployment for the first time, and were caught having allowed their skills to get stagnant. Now is the time to do preventative maintenance and to be proactive about future-proofing your skillset. Earn an additional certification. Seek out a mentor to help you determine three specific soft and hard skills for you to acquire or improve, and then put an action plan in place to achieve those goals.
Some people will read this and think, “I should do that,” but then it will get shuffled to the side, as life’s many professional and personal demands take a higher priority. I understand. I will leave you with this: I am optimistic that the steady climb in demand for the discussed IT skillsets will continue in 2016, but go ahead and plan your career as if it will not. Either way, you will be a winner.
Derek Duval, CPC
Duval Search Associates, LLC
[ISACA Now Blog]