Cybersecurity ops

CISA: Certified Information Systems Auditor

The ISACA reference credential for IT audit. Five domains, four-hour exam, the audit credential Big Four engagements default to. Four-day cohort with one re-sit included.

ISACAPractitioner4 daysLiveSelf-pacedIn-house
  • Practitioner-led, taught by a working CISO
  • Exam & certificate included
  • Re-sit covered if needed

Right fit if you are.

  • IT auditors moving from internal audit into a specialised IS audit role.
  • Compliance officers in regulated industries (banking, insurance, healthcare).
  • Security analysts transitioning into audit or GRC.
  • Big Four consultants targeting client-facing engagements.

NOT for. When to skip it.

We'd rather you keep your money than buy the wrong path.

  • Aspiring CISOs with no audit interest. CISM is the management-focused alternative.
  • Risk managers without an audit angle. CRISC fits better.
  • Practitioners under three years of experience. ISACA recognises only experience earned within the ten years preceding the application.

What you'll be able to do

  • 1Plan and execute a risk-based IS audit aligned with ISACA standards.
  • 2Evaluate governance and management of IT against COBIT and ISO 27001.
  • 3Assess controls across IS acquisition, development and implementation.
  • 4Audit IS operations, business resilience and asset protection.
  • 5Produce audit reports that hold up in a Big Four review.

Upcoming public sessions

Open-enrolment cohorts. Pick a date and book your seat. Want a private cohort for your team instead? Request an in-house quote.

No confirmed live cohort right now. You can still:

Buyers always ask

How long is the CISA exam?+

Four hours, 150 multiple-choice questions, computer-based at a PSI testing centre. Scoring is 200 to 800; passing mark is 450. Result is available immediately on screen.

What is the experience requirement?+

Five years of professional IS audit, control, assurance or security work experience. Up to three years can be substituted by general IS experience, a relevant bachelor or master degree, or two years of teaching at university level. Experience must have been earned within the ten years preceding the application or within five years following the exam pass.

How does CISA fit with ISO 27001 Lead Auditor?+

They are complementary, not substitutes. ISO 27001 Lead Auditor is the certification-audit credential for the 27001 standard specifically. CISA is the broader IS-audit profession credential, used across frameworks (COBIT, NIST CSF, ISO 27001, SOX, PCI). Big Four engagements typically require CISA; an internal ISMS audit programme typically requires Lead Auditor. Many senior auditors hold both.

Is there a re-sit included?+

Yes. Cyber Academy ships the CISA cohort with one re-sit voucher included. ISACA allows up to four attempts in a 12-month rolling window. Our 99.1% first-attempt pass rate means most learners never use the re-sit.

Ready to get certified?

Taught by a practicing CISO. Prices shown up front. Certified or refunded.