It depends on what you are aiming for.
CISSP is a broad information security certification for senior level people, hence the requirement of having 5 years of experience.
CISA is for those involved in systems analysis. Most IT auditors get this, but its NOT an infosec cert. So many get the CISA, but not the CISSP. Some get both.
CISA is most suitable for you if you wish to remain in audit or governance-related roles in the cybersecurity industry.
I hope this will help to you
Stop it! You're embarassing me! And you are embarrassing this tiny ad!