I have more than 20 years of IT experience, with 10+ years of managerial experience. I am still working as an IT Manager, but strongly feel the need to prepare for the next level of my career, to change to infosec by getting a job with a cyber security company before a final career switch into infosec consulting.
I have passed CISM and CRISC and am preparing for CISSP. My goal is to do CISSP and either ISO 27001 Lead Auditor or CISA. For now, I am in Europe, so I am thinking of the switch to an infosec company or environment being in Europe or the Middle East (Dubai). I understand different geographic areas have a bias for either CISA or ISO 27001.
What is your take on these two courses (CISA, ISO 27001)? Which one will fit well with my career prospects and is the most marketable?
The decision about which certification to choose will depend on the type and depth of the activities you desire to perform (both are worldwide recognized certifications for auditing). If you want to focus on auditing information security management, you should consider ISO 27001 Lead Auditor. If you want to go beyond auditing the scope of information security, and also consider the audit of strategic relationships between information security and the information systems and business objectives, you should consider CISA. Please note that these courses do not exclude each other; they only offer different perspectives about how to audit the way information interacts with business.
Considering your background, and the certifications for which you have already taken the exam, ISO 27001 Lead Auditor would add more value to your profile (CISA will add auditing skills to CISM knowledge, but the knowledge added by ISO 27001 Lead Auditor can be used as well, and the ISO 27001 brand could be more attractive in Europe and the Middle East).