Cybersecurity analyst showing colleague important project information

If you’re interested in risk management and information technology, becoming an IT auditor might be the perfect job for you. An IT auditor uses project-management principles and auditing processes to ensure that an organization’s IT systems comply with all applicable rules and regulations. It’s an essential role when it comes to big issues such as cybersecurity and financial fraud.

When you’re applying for a job as an IT auditor, you’ll need to impress hiring managers with your knowledge of auditing processes, audit standards, and more. We’ll break down what an IT auditor job entails, along with an IT auditor sample resume.

What does an IT auditor do?

Depending on their IT auditor skills, the nature of the company and its industry, and other factors, the day-to-day duties of a typical IT auditor might include:

  • Reviewing current IT systems and networks, including documentation.
  • Testing systems for vulnerabilities in conjunction with other team members (such as cybersecurity analysts).
  • Ensuring the company follows applicable regulations.
  • Adjusting the process for identifying and assessing IT-related risks and vulnerabilities.
  • Recommending more effective IT systems, workflows, and controls to management.

Those tasks demand the following skills:

  • Data analysis
  • Report writing
  • Understanding financial transactions
  • Independent testing and compliance auditing
  • Risk assessment
  • Software development

Any IT auditor resume will need to break down (mostly via the experience and skills sections) how the IT auditor has carried out these tasks at other companies, which challenges they’ve overcome, and how they could potentially use their experience to deliver results for a future employer.

What education do I need to become an IT auditor?

Many recruiters and hiring managers will look for a Certified Information Systems Auditor (CISA) certification, which demonstrates the bearer understands IT auditing processes, information systems operations and business resilience, and protecting data. Other certifications such as the Certified Information Systems Security Professional (CISSP) can likewise come in handy, especially if you’re expected to work closely with cybersecurity professionals.

While you don’t need a specific two- or four-year degree to become an IT auditor, degrees in accounting, IT management, and software development can all impart the skills necessary to effectively audit organizations’ tech stacks. If you’re currently working in a different tech role and want to quickly learn the necessary skills for IT auditing, see if your organization has a senior IT auditor who can mentor you through the particulars of the job.

What does an IT auditor resume need to include?

Before sitting down to write your IT auditor resume, example the original job posting and note the listed skills; make sure to input any of those skills you’ve mastered into your own resume. Companies rely on automated resume-screening software to parse resumes, and they’ll likely reject any applications that don’t feature a number of the skills listed in the job posting.

Next, you’ll want to ensure that your experience section shows how you used your IT skills to benefit your previous companies; with every bullet point, demonstrate that you had a real impact on your previous employers’ abilities to remain in compliance.

What does a sample IT auditor resume look like?

Glad you asked! Feel free to modify the following to suit your needs:


Kate T. McDonald, CISA


1 Dice Way  |  Stamford, CT 06005  |  000-000-0000  |


Analytical and experienced IT Auditor with expertise in general control and application review



  • 6 years of experience in IT audits for retail, manufacturing, and health care industries.
  • Proven track record of assessing system/network availability, security, and data integrity to identify, manage, and reduce risks and ensure general compliance.
  • Extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up.
  • In-depth knowledge of Sarbanes-Oxley Act (SOX) and business processes.
  • Acute understanding of networking, hardware, software, and data centers, as well as emerging technologies, such as biometrics and mobile devices.



ABC Company, Stamford, CT

2005 - Present

IT Auditor II for this Fortune 500 retailer with 1200 employees.

  • Oversee 3 auditors to identify IT related risks throughout development phases. Areas include networks, operating systems, ERP, databases, security, and disaster recovery.
  • Conduct SAP and legacy system reviews to support products and ensure business objectives are met.
  • Perform general controls oversight and review to verify compliance with SOX provisions and professional standards.
  • Liaise between in-house managers/IT department and external financial and operational auditors.
  • Ensure audit tasks are completed accurately and within established timeframes.

DFG Inc., New York, NY

2003 - 2005

IT Auditor for this publicly traded manufacturer with 265 employees.

  • Identified and evaluated risks during review and analysis of System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades.
  • Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.
  • Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
  • Used ACL to administer computer aided audit tests (CAAT).
  • Coordinated with IT department and external auditors during SOX IT testing.

HJK Company, New York, NY

2001 - 2002

IT Auditor for this major health care provider with 150 employees.

  • Performed operational and financial integrated audits and pre- and post-implementation reviews.
  • Helped establish annual audit plan for core competency areas using risk assessment methodology.
  • Reviewed systems for adequate management controls, efficiency, and compliance with policies, regulations, and accounting principles. Made recommendations when necessary.
  • Created flowcharts to document business systems and processes for IT audit reports.
  • Coordinated with various departments to create remediation plans for deficiencies found during audit.


Windows NT/2003, UNIX, ACL, MS Office (Word, Excel, PowerPoint), AS/400, Linux, Sybase, Solaris, Novell, Sequel, Oracle, firewalls, routers/switches, LAN/WAN, TCP/IP, VPN, HTML, JavaScript


Certified Information Systems Auditor; ISACA (2005)


Bachelor of Science, Computer Science; City University of New York New York, NY (2000)