Average CISA salary in 2024: Insights for IT auditors
As organizations shore up their cybersecurity defenses, the demand for competent IT auditors is at an all-time high, with nearly 6,000 US job openings, according to CyberSeek. One of the primary criteria for a successful IT auditor career is the CISA (Certified Information Systems Auditor) certification, which was by the recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners as one of the most sought-after and highest-paying IT certifications.
Earn your CISA, guaranteed!
Get your CISA live online or on-site, backed with an Exam Pass Guarantee!
With the average US CISA holder's salary over $149,000, IT auditors can uplevel their skills and ensure an organization's network systems and infrastructure run smoothly, efficiently and securely. By consistently analyzing data and systems to identify potential risks and vulnerabilities, an IT auditor is responsible for ensuring an organization's cybersecurity posture.
In this article, we'll cover IT auditor salary insights, career impact, benefits of the CISA certification and the importance of the CISA certification in the evolving landscape of cybersecurity.
What is the CISA certification?
The CISA certification is one of the most valuable and widely recognized certifications in the cybersecurity field. As one of the more rigorous and thorough certification processes, it arms professionals with the necessary skills, knowledge and expertise to identify and manage vulnerabilities, employ complex control mechanisms, implement innovative technologies and evaluate compliance and regulatory requirements.
According to ISACA, there are 151,000 CISA certification holders, and the average U.S. CISA holder's salary is over $149,000.
To receive the CISA certification, you must submit verified evidence of a minimum of five years of professional information systems auditing, control or security work experience. You can waive up to 3 years of experience with various other requirements.
The growing demand for CISA professionals
Skilled CISA professionals are in high demand as cyberattacks increase, more organizations operate online and sensitive data is stored in public and private clouds. Cyberattacks are becoming increasingly damaging, potentially costing millions of dollars of losses in revenue, productivity and business reputation. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years, according to IBM. Rapid digital transformation is also only making the need for strong cybersecurity protocols more important as workers access files and applications remotely from personal devices, and network infrastructure is no longer relegated to a single on-premise location.
As the CISA tests auditing, controlling, monitoring and assessing IT and systems, it's the ideal certification for security professionals with some experience.
CISA and its impact on cybersecurity careers
The CISA certification is either required or highly preferred for most security professionals. Especially as it's not an entry-level certification, it shows more in-depth mastery of the information system auditing process, governance and management, information systems operations and business resilience. For security jobs like IT auditor, Internal Auditor, IT risk analyst, compliance officer and chief information officer, a CISA is particularly valuable when combined with relevant job experience and other specialized security and IT certifications.
A CISA validates an experienced candidate's knowledge and shows a thorough and global perspective of the best practices in information systems, making it a precious certification to employees.
Average CISA salary in 2024
Based on 2023 averages from Payscale ($115,00), Glassdoor ($115,852) and Salary.com ($87,848), an average IT auditor salary ranges from $87,848 to $115,00 with a rough average of $106,233. According to ZipRecruiter, IT auditors can make as high as $151,000 annually for top earners. The IT auditor's salary is steadily increasing thanks to the ongoing demand for talent.
Many of these salary figures are influenced by location, years of experience, industry, organization, size, exact, title, etc.
Salary breakdown by job titles
Look at some detailed salary information for various job roles associated with CISA certification.
IT auditor
-
As an entry-level IT auditor with 0-1 years of experience, you can expect to make roughly $74,658 a year, according to Glassdoor
-
As you gain experience the average salary goes up, hitting $88,932 for those with 4-6 years of experience and $119,564 for those with 15+ years of experience
-
Your salary will depend on location, industry, company size and other factors
Information security auditor
-
An Information Security Auditor can expect a salary ranging between $104,197 and $148,132, according to Salary.com
Internal audit manager
-
For a more advanced internal audit manager, an average salary will range from $122,403 to $154,893
-
The majority of workers earn a base salary of around $132,043
Highest paying cybersecurity roles in 2024
IT already offers high-paying jobs, and cybersecurity takes it a step further. Take a look at some of the top-paying cybersecurity jobs, including those requiring or preferring CISA. CISA plays a pivotal role in the attainment of these coveted positions, demonstrating a commitment to learning and development along with technical knowledge of best practices:
-
Cybersecurity director: $170,190 and $209,490 (Salary.com)
-
Information security manager: $134,317 and $165,201 (Salary.com)
-
Security architect: $135,617 and $166,667 (Salary.com)
-
Internal auditing director: $177,132 and $216,601 (Salary.com)
Keep in mind these are base salary numbers and don't include potential bonuses or perks.
CISA salary in different industries
With a CISA certification, an entry-level salary might offer a 19% to 28% raise over another entry-level IT salary, and salaries vary across industries as well.
CISA professionals can bring their skills and education across a wide variety of industries, including financial services, major tech companies, large retailers, manufacturing vendors, government agencies and more. Industries where cybersecurity is of the utmost importance, but perhaps hasn't been prioritized are where CISA professionals are in high demand. This includes public works, industries, healthcare organizations and education systems.
Get your guide to the top-paying certifications
With more than 448,000 U.S. cybersecurity job openings annually, get answers to all your cybersecurity salary questions with our free ebook!
Enhancing your career with CISA
A CISA certification shows candidates passed a rigorous and comprehensive exam that often requires months of study. Leverage the CISA certification to advance your career by highlighting your digital badge with employers, sharing the certification on LinkedIn and adding it to your Certifications on LinkedIn.
Many security professionals and IT auditors choose other specialized certifications to enhance their CISA background, such as the Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH). Long-term, prepare to maintain your CISA through 20 Continuing Professional Education (CPE) hours annually and 120 CPE hours over three years, along with annual professional fees.
With high average salaries and a positive long-term career outlook, CISA-certified professionals stand to have a high-growth career. As cybersecurity becomes increasingly complex and important while the security professionals' talent gap also increases, CISA professionals will be in high demand. Depending on your level of experience, organization and industry, CISA salaries can vary widely but offer tons of growth opportunities.
Explore the CISA certification further to advance your career and enhance your skill set. Learn more in the CISA Boot Camp and the CISA Learning Path.
- Live expert CISA instruction
- Exam Pass Guarantee
- CISA exam voucher
In this series
- Average CISA salary in 2024: Insights for IT auditors
- How to pass the CISA exam: 10 proven tips for 2025 success
- CISA study materials 2025: Comprehensive guide to pass the exam
- CISA interview questions (2024): Essential guide for candidates and interviewers
- An in-depth overview of CISA domains for aspiring auditors
- Job Outlook for CISA Professionals [Updated 2019]
- Maintaining your CISA certification: Renewal requirements [Updated 2019]
- CISA certification: Overview and career path
- Earning CISA CPE credits
- Roles and responsibilities of information security auditor
- CISA Domain 5 - Protection of Information Assets
- CISA domain 4: Information systems operations, maintenance and service management
- CISA domain 3: Information systems acquisition, development and implementation
- CISA domain 1: The process of auditing information systems
- IT Auditor interview questions
- IT auditing and controls - Database technology and controls
- IT auditing and controls - Infrastructure general controls
- IT auditing and controls – Auditing organizations, frameworks and standards
- CISA Domain 5 – Protection of Information Assets
- CISA Domain 2 – Governance and Management of IT
