Information leaks and system hacks show up in the news ever more often. Big names cannot protect their computer networks properly, leaving a backdoor open for people who strive to get in unnoticed. Sometimes they aim to steal information, and sometimes they just want to prove their skills and warn the company of the potential threat.

Working as an IT Auditor, you will try to minimize the risks associated with the computer networks in the company. You will safeguard information, trying to locate weak spots and create strategies to prevent security breaches.

Studying all the IT systems of the company in detail, you will ensure that sufficient controls are in place, and that data is stored or transported in a secure way. Let’s have a look at some questions you may face while interviewing for this interesting and well-paid job.


Can you please walk us through your resume?

Try to tell them a short and meaningful story. It starts with your passion for computer systems, and understanding of the crucial role they play (and will play) in our society. Hence you opted for studying computer science (as they can see on your resume), and you also worked a lot in your free time. Because you know that the most important things one cannot learn at school…

Then you got your first job, perhaps as a system admin or network admin in a smaller company. Or you did something related to auditing. In any case, the job allowed you to better understand how computer networks work in the company, and you got your certification (CISA, CISSP), benefiting from your work experience.

Finally, after everything you’ve been through and learned, your story culminates at this point–in an interview for a job of an IT auditor, your dream job, the role you always wanted to have.


What is your experience with auditing computer networks and IT systems?

Any experience is better than no experience. Even if you just monitored and audited a local computer network back home.

When you narrate your experience, try to talk about various operating systems, software programs and tools you worked with. You should also point out some particular improvements, or the weaknesses of a network you identified, and how you addressed them.

That’s the most important thing, because they expect exactly the same from you in a job of an IT auditor.

What is the most difficult network security problem that you ever troubleshot?

Try to answer this question using the STAR method. Firstly, describe a Situation. It can be a certain weakness you identified in the network, or an existing problem, information leak, malware, etc.

Based on your identification of the problem, you set a Task for yourself. This can be anything from improving the security by upgrading the firewall and enabling other means of network protection, to trying to retrieve the lost data, or reinstalling the systems.

Having set a task (or, if you prefer, a goal), you finally took Action. Here you should be specific about what you did. For example, you enabled a cloud backup on XYZ platform and secured it with ABS solution, to ensure the data won’t be lost again in the future.

The last point is Result. At the end of the day, that’s what companies expect from you: results. In this case you can describe how your action (what you did) improved the situation. For example, as a result of your intervention, no other data breach occurred in the company in the future…


In your opinion, what role does employee training play in this job?

At the end of the day, people are responsible for most security breaches. They set weak passwords, open email attachments they should not open, install things that can threaten the security of the network. IT guys can do a great job, but unless they instruct other employees on security features and precautions they should take in their work with computers, something bad will eventually happen.

Assure the interviewers that you give employee training high importance. You plan to devote part of your time to employee training, and you want to instruct each new employee on the common mistakes and pitfalls.


If we hire you for this job, what will be the first thing you do as our new IT auditor?

The key is to show a proactive approach to your role. If you will be their only (or first) auditor, you should say that you will start with a thorough audit of their existing computer network, and also a short interview with key employees of the company, to understand their goals and how they relate to the IT systems in the business.

You will identify areas for improvement and suggest an action plan, and you may also devise internal network security policies and procedures. That’s what they want to hear from you, if you’ll be their only IT auditor.

The situation changes when you will be just one of many auditors, or when you apply for a job with a company like KPMG, which conducts IT audits for clients all around the world, and employs dozens of IT auditors.

In such a case you can say that you expect to take part in the training, getting to know your position in the team and meeting other people from the IT audit department. You will learn about the corporate values and system of work, and you will ask a lot of questions. You’ll do everything to get ready to do the actual work on the client site.


How will you explain technical issues to people who lack technical knowledge?

The most important thing is to assure the interviewers that you will do whatever you can to eventually get your message across, and that you won’t give up easily. Understanding that unless they comprehend your message, you can hardly move forward with any proposed changes or improvements, you will continue until they get the main point.

You can say that you will use practical examples, demonstration, or comparisons, simply something to help them visualize the problem or a solution you are talking about. You will also try to minimize the number of technical terms you use in your description.

To sum it up, you will adjust your language and way of explanation to your audience, their skills, intelligence, position in the company, etc.

Other questions you may face in your interview for a job of an IT auditor

  • In your opinion, how has this field evolved in the last five years? What do you consider the most important innovation in the field of network security?
  • How do you feel about traveling to client sites?
  • What are some basic and some advanced measures you will take to protect the network from external threats?
  • In your opinion, what role do internal policies for employees play when it comes to the security of the network?
  • How often would you suggest a big company with 100+ computers do an IT audit?
  • Here are the results of an IT audit (they hand you a report from an audit). Based on the observations of the auditors, what steps would you suggest to the management of the company?
  • What do you consider the biggest flaws of cloud applications?
  • How do you ensure your knowledge stays up to date?
  • What motivates you the most in this job, and what would you like to achieve while working as an IT auditor in this company?
  • What are your salary expectations?

Conclusion, next steps

An interview for a job of an IT auditor is of average difficulty. You may get some technical questions, but as long as you have some experience with auditing computer networks, you should not find them difficult.

The situation changes when you interview for a job in one of the Big 4 companies, or in another corporation that specializes in providing auditing services for clients. In such a case you may face some tricky behavioral questions, simply because these companies always use them while interviewing job applicants, regardless of the role.

Try to think about your past experience, some problems you identified, computers or networks you troubleshot, improvements you suggested. Try to recall at least three or four such situations. You can later use them in an interview while answering both technical and behavioral questions.

Last but not least, do good research about your future employer. The more you know about them, the easier it will be to answer certain questions that refer to company culture, your role in the company, and similar things.

This isn’t an easy interview, but if you spend enough time preparing for the meeting with the hiring managers, you should succeed. I wish you good luck!


Matthew Chulaw