Average CISA salary in 2024: Insights for IT auditors

January 26, 2024 by Infosec Institute

As organizations shore up their cybersecurity defenses, the demand for competent IT auditors is at an all-time high, with nearly 6,000 US job openings, according to CyberSeek. One of the primary criteria for a successful IT auditor career is the CISA (Certified Information Systems Auditor) certification, which was listed by the recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners as one of the most sought-after and highest-paying IT certifications.

With the average US CISA holder's salary over $149,000, IT auditors can uplevel their skills and ensure an organization's network systems and infrastructure run smoothly, efficiently and securely. By consistently analyzing data and systems to identify potential risks and vulnerabilities, an IT auditor is responsible for ensuring an organization's cybersecurity posture. 

In this article, we'll cover IT auditor salary insights, career impact, benefits of the CISA certification and the importance of the CISA certification in the evolving landscape of cybersecurity. 

What is the CISA certification? 

The CISA certification is one of the most valuable and widely recognized certifications in the cybersecurity field. As one of the more rigorous and thorough certification processes, it arms professionals with the necessary skills, knowledge and expertise to identify and manage vulnerabilities, employ complex control mechanisms, implement innovative technologies and evaluate compliance and regulatory requirements. 

According to ISACA, there are 151,000 CISA certification holders, and the average U.S. CISA holder's salary is over $149,000. 

To receive the CISA certification, you must submit verified evidence of a minimum of five years of professional information systems auditing, control or security work experience. You can waive up to 3 years of experience with various other requirements. 

The growing demand for CISA professionals 

Skilled CISA professionals are in high demand as cyberattacks increase, more organizations operate online and sensitive data is stored in public and private clouds. Cyberattacks are becoming increasingly damaging, potentially costing millions of dollars in lost revenue, productivity and business reputation. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years, according to IBM. Rapid digital transformation is only making the need for strong cybersecurity protocols more important, as workers access files and applications remotely from personal devices and network infrastructure is no longer confined to a single on-premises location.

As the CISA tests auditing, controlling, monitoring and assessing IT and systems, it's the ideal certification for security professionals with some experience. 


CISA and its impact on cybersecurity careers 

The CISA certification is either required or highly preferred for most security professionals. Because it's not an entry-level certification, it shows more in-depth mastery of the information system auditing process, governance and management, information systems operations and business resilience. For security jobs like IT auditor, internal auditor, IT risk analyst, compliance officer and chief information officer, a CISA is particularly valuable when combined with relevant job experience and other specialized security and IT certifications.

A CISA validates an experienced candidate's knowledge and shows a thorough and global perspective of the best practices in information systems, making it a precious certification to employees. 

Average CISA salary in 2024 

Based on 2023 averages from Payscale ($115,000), Glassdoor ($115,852) and ($87,848), an average IT auditor salary ranges from $87,848 to $115,000, with a rough average of $106,233. According to ZipRecruiter, top-earning IT auditors can make as much as $151,000 annually. The IT auditor's salary is steadily increasing thanks to the ongoing demand for talent.

Many of these salary figures are influenced by location, years of experience, industry, organization size, exact title, etc.

Salary breakdown by job titles 

Look at some detailed salary information for various job roles associated with CISA certification. 

IT auditor 

  • As an entry-level IT auditor with 0-1 years of experience, you can expect to make roughly $74,658 a year, according to Glassdoor 

  • As you gain experience, the average salary goes up, hitting $88,932 for those with 4-6 years of experience and $119,564 for those with 15+ years of experience

  • Your salary will depend on location, industry, company size and other factors 

Information security auditor 

  • An Information Security Auditor can expect a salary ranging between $104,197 and $148,132, according to 

Internal audit manager 

  • For a more advanced internal audit manager, an average salary will range from $122,403 to $154,893 

  • The majority of workers earn a base salary of around $132,043 

Highest paying cybersecurity roles in 2024 

IT already offers high-paying jobs, and cybersecurity takes it a step further. Take a look at some of the top-paying cybersecurity jobs, including those requiring or preferring CISA. CISA plays a pivotal role in the attainment of these coveted positions, demonstrating a commitment to learning and development along with technical knowledge of best practices: 

Keep in mind these are base salary numbers and don't include potential bonuses or perks. 

CISA salary in different industries 

With a CISA certification, an entry-level salary might offer a 19% to 28% raise over another entry-level IT salary, and salaries vary across industries as well. 

CISA professionals can bring their skills and education across a wide variety of industries, including financial services, major tech companies, large retailers, manufacturing vendors, government agencies and more. Industries where cybersecurity is of the utmost importance but perhaps hasn't been prioritized are where CISA professionals are in high demand. This includes public works, industries, healthcare organizations and education systems.

Enhancing your career with CISA 

A CISA certification shows candidates passed a rigorous and comprehensive exam that often requires months of study. Leverage the CISA certification to advance your career by highlighting your digital badge with employers, sharing the certification on LinkedIn and adding it to your Certifications on LinkedIn. 

Many security professionals and IT auditors choose other specialized certifications to enhance their CISA background, such as the Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH). Long-term, prepare to maintain your CISA through 20 Continuing Professional Education (CPE) hours annually and 120 CPE hours over three years, along with annual professional fees. 

With high average salaries and a positive long-term career outlook, CISA-certified professionals stand to have a high-growth career. As cybersecurity becomes increasingly complex and important while the security professionals' talent gap also increases, CISA professionals will be in high demand. Depending on your level of experience, organization and industry, CISA salaries can vary widely but offer tons of growth opportunities. 

Explore the CISA certification further to advance your career and enhance your skill set. Learn more in the CISA Boot Camp and the CISA Learning Path.   
