I’m seriously considering this too. I think I know audit enough and I need the ERM type experience rn
I did so by just applying, skills are there for many jobs unless they are VERY Security heavy which tbh, most aren’t. I switched to Risk focusing mostly on SOX for a new public company, great experience and in non-SOX time got exposed to more security related work. After a year I found it pretty dull however, but I also think that was because we were done with the heavy grunt work of getting SOX controls ready for year 1, etc. You do work less overall on risk based on my experience. Recently transitioned to internal IA for a F500 since.
It took me 15 years to get out of third line, and I should have done it much earlier. I finally got out through networking and demonstrating my effectiveness. I got asked to lead a second line team, and trust me, the grass is definitely greener. All that toxic Big 4 crap that follows you into internal audit because half of them came from public just doesn't exist in the second line.
IAM. They got so tired of me constantly issuing access findings that they asked me to lead the team to get it fixed. I say that only half joking. The other part is that I've spent years networking with the security team, volunteering at conferences, attending chapter meetings. Almost 10 years ago now, I had been doing a cybersecurity audit, and one of the security managers suggested I go for the CISSP, which was a pain, but I passed.
I never intended to end up in security, but I guess I've been playing the long game for a while now.
What's 3rd line to 2nd line?
https://www2.deloitte.com/us/en/pages/advisory/articles/modernizing-the-three-lines-of-defense-model.html