The CISSP is a security certification. IT is very broad and probably is geared more towards the manager in security, CISO, etc. It has become a very widely used standard in job requirements for security positions.
The CISA is strictly an auditing certification is only needed if you are going to be an IS Auditor. No one else looks for this or requires it.
BOTH certification require a certain number of years either in IS security or as an auditor before you can receive the designation. To get the CISA you have to have been doing auditing for a minimum of 3 years (education can then make up the other 2 years of the 5 required). This one actually requires a sign off from your current or past employers to prove that you have been auditing. The CISSP requires that your cert app (after exam) be signed off by another CISSP who can verify your experience.
The exams for both of tough, but nothing that cant be passed with experience.
Again, only do the CISA is you have been an auditor and will be auditing.
The CISSP goes across more jobs.
Hope that helps!