
My Transition From IT Audit to CISO


My transition from internal IT auditor to CISO in banking felt natural because, while working as an auditor, I developed a strong knowledge of information security and control concepts while also improving my communication skills.

Communication skills are crucial to the success of a CISO. Effective communication helps build positive relationships with employees at all levels within the organization. As an auditor, I presented audit reports to the Audit Committee. This served as excellent experience because I learned how to communicate effectively with top-level personnel, which was also required in my role as CISO.

Internal auditors are facing new challenges. Sensitive information is pervasive in the digital world because users expect it to be available when needed. Prior to the Internet-connected world, the focus in banking tended to be on business continuity planning, the exposure of sensitive information from threats to physical media, and other financial fraud activity such as physical credit card theft.

In the connected world, data is readily available through connected networks, and that data is the target of cyber attacks. Given the rise of successful attacks, IT auditors must continually educate themselves on the new types of threats and be knowledgeable of information security controls and how to test those controls.

There are many resources available to auditors. Just as a mechanic needs to acquire a toolset, an IT auditor must also assemble an array of resources. An auditor must network with other IT audit and information security professionals by participating in professional organizations. In addition to networking, websites such as ISACA’s and SANS’ provide audit and information security resources. ISACA has an online library with information security and audit books. These are useful resources for professionals new to IT audit.

IT auditors must remain relevant by constantly educating themselves regarding the latest information security threats, trends and controls by using all available resources. IT auditors are no longer an asset to their organization when they stop learning.

Changing career paths from IT audit to CISO was a smooth transition because I developed strong communication skills as an auditor, I had a strong knowledge of the latest security threats and trends, continuous education was a priority to me, and I assembled a set of resources. For those who are interested in a career path change from IT audit to CISO, these key items should help ensure success.

John Pouey, CISA, CISM, CRISC, Secretary, Greater New Orleans Chapter

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
