On the other hand, if you are looking to show that you've achieved a certain level of competence (which, given your background, seems to be the case), then a certification can help you convey that you have a minimum level of knowledge. Personally, that's how I view any of these certifications (of which I have none, by the way). You must be knowledgeable to get the certification, but that certainly doesn't indicate competence or ability to execute a project.
In terms of comparing and contrasting the various certifications, (ISC)²'s CISSP has the best "brand" of all certifications in that most people understand what it is and what it means.
ISACA's security-oriented certifications, CISA and CISM, aren't as well-known, but are respected. The Certified Information Security Auditor certification is targeted toward folks who want to roll up their sleeves and get into the audit game. So if you are looking to move away from the security group toward taking on an audit function (either within internal audit or perhaps with an external auditor), then the CISA is a good choice.
The Certified Information Security Manager (CISM) is analogous to the CISSP. I guess ISACA got sick of giving all the certification business to (ISC)², so they built their own. My impression is that the CISM is a bit tougher to get than a CISSP, but in the end I'm not sure it matters. It all goes back to what you are trying to accomplish with the certification.
This was first published in August 2007