Overview of Security Auditor Positions
A security auditor is an individual who conducts a systematic evaluation of the security of a company’s information system, including the system’s physical configuration, user practices, information handling processes, and software. Security auditors are also responsible for creating a report that details the effectiveness of the security system, explains problems within security systems, and counsels management on how to become compliant. Legislation such as HIPAA and the California Security Breach Information Act has increased the desirability of and necessity for security auditors.
Security Auditor Job Description
- Design and execute audits
- Establish the audit’s objectives
- Assess the overall structure of a business’s or organization’s system
- Facilitate risk assessment
- Utilize testing matrices and risk assessment
- Interpret data
- Offer written as well as oral reports on audit findings
- Create clear and effective practices for organizations that aim to improve security at every level
- Assess computer systems
- Evaluate an organization’s IT budget
- Define criteria for audit and interpret results
In many cases, the source of technical weakness in an organization may not be the technology; it may be the employees. Behavioral auditing analyzes user behavior to essentially check for human error. This component of the audit may include a penetration test, where the auditor switches roles and attempts to gain access to user information, mimicking a malicious hacker. Employees may be vulnerable to phishing attacks or engage in behavior that is not considered best practice, such as sharing passwords in emails or leaving computers unlocked. This is another component of security auditing.
Based on your starting point (whether you’re already a security auditor, service member, IT specialist, or a student) there are a few paths to entering the field of security auditing. We’ve listed some different levels at which you can engage in security auditing below. These levels will depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security.
A note on the positions below: Some job titles are tiered within that position. A position labeled “mid-level,” for example, may range from mid-level to advanced.
- Entry Level: Security Administrator, IT Auditor, System Administrator
- Mid-Level: Security Specialist, Regulatory/Policy Analyst, Security Engineer, Security Auditor
- Senior Level: Senior Security Auditor, Senior Cybersecurity Analyst, Lead Cybersecurity Tester, Advanced Ethical Hacker
- Ethical Hacking
- Strong Oral and Written Communication Skills
- Strong Code of Ethics
- Team Player
- Independent worker
Security Auditor Job Outlook and Salary
There are thousands of jobs available for security auditors across the nation. This is a highly specialized field. Security auditor positions are projected to grow by 18% by 2024, which is a much faster rate than most fields. The median salary of a security auditor is $88,890, though it can range from $62,000 to $140,000+.
Security Auditor Resources
- For information on how to utilize the G.I. Bill, head to the U.S. Department of Veterans Affairs.
- To get certified as a systems auditor, check out the Information Systems Audit and Control Association.
- Here is more comprehensive information regarding Auditing Cyber Security.
- For in-depth information on a variety of information security assessment types, we like Daniel Miessler’s blog.