Recently, a reader named Porak asked me what careers IT auditors can move to when they leave auditing (see the original question here).
I couldn’t find much on the Internet on this topic, but there’s a lot of options.
I’ve actually worked in quite a few of the areas mentioned below…
If you’re skilled in general IT, you should consider the following fields, depending on your specific IT auditor skills and years of experience. Bold text indicates you’d probably need to possess a high level of skill in that area already to make a move.
- Business Continuity Planning/Disaster Recovery* – help departments do risk assessments, business impact analyses, and create and test BCP/DR plans, and update them.
- Compliance, Risk Management, or Information Security* – all these departments need people who understand policies, standards, risk, controls, running technical projects, research, etc.
Here’s one of the few articles on found re: life after IT audit: http://www.careersinaudit.com/article/moving-from-it-audit-to-cyber-security/?s=2
- Vulnerability Assessor or Penetration Tester* – Run vulnerability scans and try to break software/hardware manually and/or with tools.
- Technical Writing* – Documenting manufacturing processes, computer operation manuals, training materials, etc. Assuming you have excellent interviewing and written communication skills.
- Training – teach others how to use computer systems, software, hardware, etc.
- Data Analytics* – most departments are doing some type of analytics these days.
- Management* – easy to move into if you managed or mentored people when you were in audit.
- Process Improvement – usually auditors identify problem areas that can be made more efficient as part of some audits, so this may be a possibility.
- Merger integration – Assist your company acquire another company, working through the redundant networks, IT systems, personnel, etc. I list this one as an example that almost anything is possible, especially since one IT audit director I know just moved within the same company to this very position.
*These are positions I’ve held prior to my experience as an IT auditor. The only exception is Data Analytics, which I did not get into until I was in IT audit. In my case, all this prior experience made me a better IT auditor, but it works the other way around too.
I’m sure I missed several other careers.
Who can add a few more, with a short description of why you think it’s a valid option for a IT auditor to aspire to?