The Certified Information Systems Auditor (CISA) certification has truly benefited my professional aspirations.
In 1997, when I transitioned from active duty as a Captain in the US Army, I had a 10-year-old computer science degree and not a great deal of experience in corporate America, particularly in the financial services industry. The extent of my background at that time was having an IRA. Fortunately, I was able to gain an entry level position as an IT Auditor at Prudential Insurance Company of America (now Prudential Financial) in Newark, New Jersey, through their junior military officer (JMO) hiring program.
It became very clear that on-the-job training was not going to be sufficient for me. During my first couple of months, I concluded that pursuing the CISA professional certification would give me the jump-start I needed to gain a baseline understanding of IT audit and risk management, IT general controls, and IT auditing—especially with regards to assessing applications and the technology environments they resided in. Studying for six months, two nights a week and a number of weekends, becoming a member of my local ISACA chapter, and taking full advantage of the available local chapter CISA preparation courses and materials enabled me to successfully pass the CISA examination and become a credentialed IT audit practitioner.
The professional payoff was immediate for my career development. Understanding IT risk management and associated controls to establish or maintain a well-controlled IT environment served to differentiate me from others in competing for positions and, honestly, just helped me be more successful in meeting or exceeding expectations. While these foundational audit and risk management skills helped to launch my IT audit career, more importantly, they also served to enhance what I had to offer in other risk management and project management roles.
As a result of increased threats to the digital processing environments and subsequent increased regulatory expectations, financial services companies gained an increased appreciation for employees who have the skills that the CISA certification fosters. Since my initial IT auditor role, I have continued to leverage the knowledge and experiences gained through not just the efforts required to gain the CISA certification, but also through completing required continuing education to stay abreast of emerging technologies and becoming a more active participant in ISACA-provided training (such as webinars, local chapter offerings, and attending or presenting at national conferences).
Whether managing IT or operational audit responsibilities at Wachovia, Wells Fargo, or TIAA, a mission-based company where I am fortunate to currently work, or performing project/risk management roles at previous employers such as Goldman Sachs and Ernst & Young, having an IT audit and risk management perspective has been a huge component of my personal success. I am grateful that for 40 years, ISACA has continued to provide the CISA certification, and I encourage all my employees and mentees to pursue the CISA to grow as professionals.