Change profile from incident management to security compliance domain
I would like to take advice from you regarding my plans to change my current profile i.e., from IT Incident management and to move completely to IT Security Management which involves audits and risk assessment. I don't have any technical background and knowledge in security except having only 7 years of work experience into service desk/service management. I work in India. Currently, I am working with *** from 3.5 years in Incident management which at times involves a few security based incidents that's it. Challenge is that I want to internally move into *** into security management domain but do not have any previous experience, so what's shall I do to get a suitable role of IT Auditor in security management within organization (***) and if not within organization than at least in a different but my first preference will be to move within the organization.
I am going through a big dilemma as to which certification shall I pursue either ISO 27001 Lead Auditor OR CISA OR CISSP because all the three are very costly.
Will look forward to your suggestions and advise.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Considering the mentioned certifications and your background, you should consider ISO 27001 Lead Auditor or CISA. CISSP is more indicated to people who want to work in technical areas. For the choice between ISO 27001 Lead auditor and CISA, you need to consider the type and depth of the activities you desire to perform (both are world-wide recognized certifications for auditing).
If you want to focus on auditing information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond auditing the scope of information security, and also consider the audit of strategic relationships between information security and the information systems and business objectives you should consider CISA. Please note that these courses do not exclude each other, they only offer different perspectives about how to audit the way information interacts with the business. ISO 27001 Lea Auditor would also need to be considered if you which to work for certification bodies, as a certification auditor.
These articles will provide you further explanation about personal certifications:
- CISA vs. ISO 27001 Lead Auditor certification https://advisera.com/training/iso-27001-lead-auditor-course/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
To see more about the ISO 27001 Lead Auditor Course, please access: https://advisera.com/training/iso-27001-lead-auditor-course/
Comment as guest or Sign in
Feb 10, 2021