Any thoughts? Which is a better certification for a CISA qualified IT auditor?
CISSP vs CISM
I hope all is well. Both exams have a very similar knowledge base, and are closely aligned. They are both designed to target similar audiences... Senior I.T. Security leaders.
The key difference is "Awareness" and "Brand Recognition". ISC2's CISSP has both and is globally recognized.
ISACA's CISM does not has as wide a range of awareness and brand recognition... they are well known for the CISA, not for CISM or CRISC, or CGEIT, all of which are GREAT certifications... just not as well known.
If you are looking to build skills, and certify BUT... to stay within your current company, I would suggest that you see if they have a preference, or based on job descriptions have a need for one or the other.
If, on the other hand, you are looking to get certified, and to use that as a stepping stone to a new job with a different company, then CISSP would be a better choice.
Good Luck !!