I would like your advice regarding my plans to change my current profile, i.e., to move from IT incident management completely to IT security management, which involves audits and risk assessment. I don't have any technical background or knowledge in security, except for 7 years of work experience in service desk/service management. I work in India. Currently, I have been working with *** for 3.5 years in incident management, which at times involves a few security-based incidents; that's it. The challenge is that I want to move internally within *** into the security management domain but do not have any previous experience, so what shall I do to get a suitable role of IT Auditor in security management within the organization (***), and if not within the organization, then at least in a different one, but my first preference will be to move within the organization.
I am going through a big dilemma as to which certification I should pursue, ISO 27001 Lead Auditor, CISA or CISSP, because all three are very costly.
I look forward to your suggestions and advice.