Information Security (IS) Auditor Salary and Job Prospects [Updated 2021]
Businesses and corporations have to make sure that their lines of defense are beefed up on a daily basis. If there is just one tiny crack in the IT infrastructure, a cyber-attacker can find his or her way in very quickly and exploit all vulnerabilities and weaknesses to his or her advantage. Therefore, all systems need to be checked on a routine basis to make sure, as far as possible, that this does not happen.
This is where the role of the information system auditor comes into play. In this article, we examine both the job outlook and the salary prospects for this role.
What Are the Specific Duties of an IS Auditor?
The role of the IS auditor is to assess the strengths and weaknesses of the IS infrastructure from within the organization. The specific job functions include the following:
- Assessing the risks and controls that are associated with the IS assets of a business entity
- Identifying the specific weaknesses of an IS system’s network
- Planning and executing various kinds of internal audit procedures
- Creating and developing internal audit reports for the management team and the C-level executives of a business or a corporation
- Maintaining thorough and complete IS audit documentation sets
- Creating a set of best standards which can be used to conduct risk assessment studies
- Making sure that previous resolutions to previous IT audit issues have been implemented
- Developing the entire IS audit program for an organization
- Collaborating with other business units (primarily those of finance and accounting) in order to develop a succinct list of IS audit inputs that can be used for processing
- Creating and developing IS audit test plans.
As one can see from this list, the role of the IS auditor is integral to maintaining a strong IT security posture for the business. Because of this, the job prospects of this role will remain strong in the coming years.
The Job Prospects of the IS Auditor
There are a number of key reasons why the job prospects for an IS auditor will continue to remain good for quite some time to come:
- As described previously, a huge catalyst is the quickly changing dynamics of the cyber-threat landscape. Business entities are always struggling to keep their internal IT controls up to date and in compliance with the latest federal regulations and requirements
- There are many new kinds of innovations that are coming out today, especially that of the Internet of Things (IoT). Because of this, newer types of IT controls have to be implemented in order to ensure that the connectivity of the objects in both the physical and the virtual world is intact, and remains as secure as possible
- Recent global merger and acquisition activity means that separate IT infrastructures are now coming together as one cohesive unit. Because of this, thorough IT audits have to be conducted in order to ensure that controls from one system will be interoperable with the controls from the other systems
- Overall, the pay range for an IS auditor runs anywhere from $46,250 (for entry-level positions) all the way up to $175,250 for the most senior positions (such as that of the Chief Audit Executive). However, there are multiple factors that can impact the salary of an IS auditor, and one of the prime ones is whether he or she possesses any related certifications
An Overview of the Certified Information Systems Auditor (CISA)
The CISA certificate is offered by ISACA. In order to qualify to take the exam, the IS auditor must have at least five years of professional work experience, with the following substitutions being permitted:
- One year of IT experience can substitute for one year of IT audit experience
- 60 college credit hours can substitute for one year of IT audit experience
- 120 college credit hours can substitute for two years of IT audit experience
- Two years of full-time teaching at a university can substitute for one year of IT audit experience.
There are five domains associated with the CISA, which are displayed in the matrix below:

| Domain | Percentage Covered on the Exam |
|---|---|
| Domain 1: The Process of Auditing Information Systems | 21% of exam questions |
| Domain 2: Governance and Management of IT | 16% of exam questions |
| Domain 3: Information Systems Acquisition, Development and Implementation | 18% of exam questions |
| Domain 4: Information Systems Operations, Maintenance and Service Management | 20% of exam questions |
| Domain 5: Protection of Information Assets | 25% of exam questions |

The CISA exam consists of 150 multiple-choice questions, and in order to pass it, the candidate must receive a scaled score of at least 450 (with the range being 200 to 800) within a four-hour time limit. The cost of taking the CISA exam is $760.00 (for non-ISACA members) and $575.00 (for ISACA members).
IS Auditor Job Titles and Salaries
The following matrix examines the salary levels of an IS auditor, based on job title:

| Job Title | Salary Range |
|---|---|
| Entry-Level Information Technology Auditor | $52,125 – $85,552 |
| Mid-Level Information Technology Auditor | $58,337 – $97,423 |
| Senior Information Technology (IT) Auditor | $68,000 – $108,891 |
| Information Systems Audit Manager | $84,329 – $130,853 |
| Internal Audit Director | $90,000 – $183,000 |
| Internal Auditing Manager | $70,000 – $124,265 |

Further examination of this data reveals that the titles that command the highest salaries are those of Manager+. It appears that the highest level of title that an IS auditor can achieve is that of a director, which would correspond with the highest level of income.
IS Auditor Salaries by Geographic Location
The following matrix examines the salary levels of an IS auditor, based on geographic location in the United States:

| City and State | Salary Range |
|---|---|
| New York City, New York | $76,320 – $145,505 |
| Chicago, Illinois | $63,978 – $127,288 |
| Washington, District of Columbia | $75,429 – $131,688 |
| Dallas, Texas | $65,414 – $119,036 |
| Atlanta, Georgia | $59,036 – $120,746 |

Based on further review of this data, it appears that the larger cities pay the highest levels of salary to an IS auditor. One can also conclude that the federal government is probably one of the largest employers of IS auditors, as an IT auditor can make the highest income in Washington, DC.
Overall, the job prospects for an IS auditor will remain quite strong in the coming years. After all, businesses and corporations do need highly-trained individuals in order to assess the weaknesses and vulnerabilities of an IT infrastructure and its associated controls.
For those IS auditors who aspire to reach the highest income level possible, the following would be of great benefit:
- Having at least 10 years of related work experience
- Having an advanced degree in information technology
- Having a job title of at least Manager, with the ability to climb up to the Director level
- Having the CISA certification
- Being located in a large city
- Having a job with the federal government