Internal / IT Audit is nothing more than a checkbox
I started as an Engineer back in the mid 90’s and due to the dot-com bust, I didn’t want to work for startup so I joined one of the Big 5 as an auditor.
At the time, these firms will interview any Engineer who wants to work as an auditor because you need to know tech in order to do audit work. I remember a lot of auditor in the 90’s didn’t even know what SSH is.
Fast forward to today, internal audit team consist of a checkbox person who doesn’t know shit about tech.
Just for fun, I applied to a few IT audit job with my experiences as an auditor AND engineer. 90% rejected me. The other 10% didn’t even ask me any tech questions.
But if I applied for an Engineer role, I got at least 75% chance for an interview.
IT audit is just a checkbox... it doesn’t bring any value other than forcing me (as an Engineer) to create lots of “policies” docs.
comments
Oh, and I have to deal with SOC 2, PCI, etc. Gotta have those “daily firewall check” as required.
SMH....
Internet audit in the industry dies offer some real audit experience since there's variety of teams and you can ask to be moved to another team
Back then, Big 4 and IA will salivate off an engineer applied. Today, it’s as if they’re “scared” of engineer and won’t bother interviewing you if haven’t done full checkbox audit in the last 3 years.