Information Security Auditor Resume Example & Writing Guide

Use this Information Security Auditor resume example and guide to improve your career and write a powerful resume that will separate you from the competition.

Information security is one of the fastest growing fields in the world of work. And if you’re someone who loves solving puzzles and protecting valuable assets, this might be the perfect role for you.

Information security auditors are tasked with investigating an organization’s security systems and procedures to uncover potential vulnerabilities. They identify risks and recommend solutions to protect against unauthorized access, theft of data, and other threats.

If you’re looking to break into this field or switch jobs in the next year, it’s time to write a resume that will get you noticed by hiring managers at information security companies. Here are some tips and an example plus resume template to help you do just that.

James Smith
Phoenix, AZ | (123) 456-7891 | [email protected]

Information security auditor with 10 years of experience in the field. Proven ability to assess and mitigate information security risks across a variety of industries, including banking, healthcare, and retail. Holds CISSP and CISA certifications.

Utica College Jun '10
M.S. in Information Security and Assurance
Utica College Jun '06
B.S. in Computer Science
Company A, Information Security Auditor Jan '17 – Current
  • Performed risk assessments and gap analysis of the company’s information security program against industry best practices, including PCI DSS, SOX, FISMA, NIST SP800-53/ATO2.3, ISO27001/27002, CSA Z1002 and others as applicable.
  • Developed a comprehensive audit plan based on findings from the risk assessment to ensure that all areas are covered during an audit.
  • Conducted internal audits for various business units within the organization using standard methodologies, such as walkthroughs and interviews with management and staff involved in the processes under review, to determine compliance with policies and procedures related to information security standards (e.g., PCI DSS).
  • Analyzed results of internal audits performed by Information Security Auditors and prepared reports documenting findings and recommendations for corrective action or further investigation where appropriate.
  • Provided technical support to other auditors regarding specific technologies used within the organization when performing their own audits (e.g., payment card processing systems).
Company B, Information Security Auditor Jan '12 – Dec '16
  • Performed risk assessments on all company assets, including computer systems and physical locations to identify potential security risks
  • Conducted penetration testing of the company’s network infrastructure to uncover vulnerabilities in system configurations
  • Developed a comprehensive information security policy that was approved by management and implemented across the entire organization
  • Implemented an automated vulnerability scanning tool for continuous monitoring of critical systems and services
  • Created detailed documentation of findings from each audit or assessment using proper controls and procedures (i.e., ISO 27001)
Company C, Security Analyst Jan '09 – Dec '11
  • Conducted security assessments of systems and applications to identify vulnerabilities and risks.
  • Documented findings and created reports with recommendations for remediation.
  • Implemented security controls to mitigate risks and vulnerabilities.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)

Industry Knowledge: IT Audit, Cyber Security, IT Governance, ISO 27001, NIST, PCI DSS, ITIL, COBIT, GDPR, FISMA, ISO 27017, ISO 27018
Technical Skills: ArcSight, Splunk, McAfee, RSA, VASCO, Symantec, FireEye
Soft Skills: Communication, Leadership, Teamwork, Time Management, Risk Management, Attention to Detail, Problem Solving

How to Write an Information Security Auditor Resume

Here’s how to write a resume of your own.

Write Compelling Bullet Points

Bullet points are the most important part of your resume because they’re the first thing recruiters and hiring managers will see. And they’re the best way to showcase your experience and qualifications.

So it’s crucial that you use them to your advantage. And one of the best ways to do that is by using bullet points to describe your accomplishments.

For example, rather than saying you “conducted risk assessments,” you could say you “conducted risk assessments of a global financial services company’s global network of data centers, identifying over 200 high-risk vulnerabilities.”

The second bullet point is much more specific and interesting. And it provides more detail about what you did and the results of your work.

Identify and Include Relevant Keywords

When you apply for a job as an information security auditor, your resume goes through an applicant tracking system (ATS). This system looks for certain keywords related to the job in order to determine whether you are a good fit. If your resume doesn’t have enough of the right keywords, the ATS might automatically reject your application.

One way to make sure your resume makes it past the ATS is to include relevant keywords throughout all sections of your document. Here are some common keywords for information security auditors:

  • Information Security
  • Internal Audit
  • Auditing
  • Security Operations
  • Security
  • SCADA
  • ITIL
  • IT Risk Management
  • Penetration Testing
  • Security Awareness
  • Risk Assessment
  • Information Security Management
  • System Administration
  • Cybersecurity
  • Software Development Life Cycle (SDLC)
  • ISO 27001
  • Cryptography
  • Information Security Auditing
  • Vulnerability Management
  • Risk Management
  • Sarbanes-Oxley Act
  • Financial Reporting
  • Internal Controls
  • SOX
  • Information Security Standards
  • IT Service Management
  • Governance
  • Vulnerability Assessments
  • Information Security Testing

Showcase Your Technical Skills

As an information security auditor, you need to be proficient in a variety of software programs and systems in order to do your job effectively. This might include familiarity with security research databases, vulnerability management software, or incident response tools. Additionally, many organizations are now using social media platforms to share information about security threats and vulnerabilities, and security auditors who are familiar with these platforms will be better equipped to take advantage of this growing trend.

