如何进入 IT AUDIT 行业

pgfish

还是那句话，机遇偏爱有准备的头脑。如果你有准备，又能静下心来储备经验和知识，进入一个行业并非难事。

不可否认IT AUDIT这个行业有壁垒，但是你还是有很多机会，四大也在扩张，在不断的招人，如果诸位真的有心进四大，我有朋友可以助一臂之力。

但前提是，你必须做好思想准备，因为你面临的可能是

1>一些枯燥和重复的工作；

2>长期的出差；

3>高频率的加班，个人时间被严重压缩，与家人团聚的时间也会很少；


总之，不做满3年不会有什么真实的成就感和满足感，唯一得到的只是不断增长的薪水。而做满3年之后，你可能又会面临其他的选择，那个时候又会有不同的烦恼。

我的邮件是pgfish@sina.com

hids

看来楼上各位的讨论自己也有些迷惘了，本来想考个cissp，cisa的，目的也是为了将来做打算（现在是做研发，算是个小头目了），可是未来的路又在哪里呢？

活着要努力

我觉得原来作ERP系统support的对ERP系统比较熟悉，比较容易转到IT audit，但是development的转型的话，原来的东西都不大用得上。但R&D转到作security consulting还是比较可行的。

madf

目前看来是比较难的，我有CPA，PMP，CISA三个认证，还有10多年的IT经验，其中包括8年的ERP（包括 财务）系统实施经验。也很难入行，除非从头做起。难

活着要努力

最初由 madf 发布
[B]目前看来是比较难的，我有CPA，PMP，CISA三个认证，还有10多年的IT经验，其中包括8年的ERP（包括 财务）系统实施经验。也很难入行，除非从头做起。难 [/B]

作senior你肯定不甘心吧，否则应该可以试试。

ching

最初由 madf 发布
[B]目前看来是比较难的，我有CPA，PMP，CISA三个认证，还有10多年的IT经验，其中包括8年的ERP（包括 财务）系统实施经验。也很难入行，除非从头做起。难 [/B]

I am not really sure why you want to become an auditor. Your background is really special and I would assume you are in good position now. Otherwise, I would really question your capabilities other than those needed to pass exams.

pgfish

像这位老兄这样的经验和资质，何不考虑自己开公司做些事情，现在，随着sox 404这个领域越来越热， 应该有你的一席之地的。

madf

最初由 ching 发布
[B]
I am not really sure why you want to become an auditor. Your background is really special and I would assume you are in good position now. Otherwise, I would really question your capabilities other than those needed to pass exams. [/B]

Actually, I don't want to be an  auditor. Recently, I am very interest in IT security management very much.  In adition, ERP market is going down now. IT security will take  more important role in more and more companies in  furture.  There are good job prospects about IT security.

But there are few job opportunities related information security except for Big 4. In Big 4, they also provide advisory service to clients. But so far, most of job  is to conduct financial system auditing.

tttkoo

LS的话没明白,说信息安全会有前途,又说除了四大没啥职位...
懂了,老兄站好了坑可不愿意挪了.
可是CPA,PMP,CISA跟信息安全的关系不是很密切,至少不如CISSP, CCIE

ching

最初由 madf 发布
[B]

Actually, I don't want to be an  auditor. Recently, I am very interest in IT security management very much.  In adition, ERP market is going down now. IT security will take  more important role in more and more companies in  furture.  There are good job prospects about IT security.

But there are few job opportunities related information security except for Big 4. In Big 4, they also provide advisory service to clients. But so far, most of job  is to conduct financial system auditing. [/B]

Then I am not sure how your experience and background can help you. None of your certificates has advantage of getting you into security management. CISM should be the better certificate than CISA for your current career interest, but I doubt it can really help you without real/extensive experience.

I always have this kind of discussion/arguement with one of my peers about if the more certificates the better for one's career growth. My take-on is that more professional certificates will help you as long as they can show a consistent or related career interest. Your background is too diversified with the certicates you have had, which will give negative impact if I am the hiring manager. My peer might want you in his team, however, as he likes people who are constantly learning. To me, learning doesn't always result in improving. Hope my 2 cents can help.