The bulk of resume I came across for applicants applying for it security jobs are neither it security experince or certified. This is a good sign for you if you can get some certification that gives you over the edge of others. However, a single it security certification is nearly useless, even having cissp alone may not look as good as compare to a candidate with cissp, gcih. You will need a few to pack a punch in and stand out from others.

taking that into consideration. You may want to iron out your path considering what path would you like to take. Then take a few certifications to reach that goal

a few examples
Pentester path: Ceh, Gcih, Gpen, Oscp, Gxpn, Ocse, Gwapt

Forensic Path: Ceh, GCIH, chfi, gcfe, gcfa, grem

Intrusion Analyst Path: Ceh, Gcih, Gcia, Gcfw

Generic Path: Ceh, Gcih, Gsec, Gisp, Cissp, Cism

Auditor Path: Ceh, Gcih, Gsna, Gisp, Cissp, Cisa

Security Administrator/Incident Handler Path: Ceh, Gcih, Gcwn*, Gcux*, Gced

*Optional for incident handler

While it seems weird that I seems to be practically mentioning ceh and gcih for every path. I would like to emphasize it security may not required hacking skills at all. Take for example is the job of a bcp manager, whose role is mainly to ensure the bcp success and may not required to go in depth in any technical skills. However, for entry level, ceh and gcih should be able to cover the foundation required for most path.

Ceh teaches the basics for hacking while gcih covers common possible security incident scenerios and how to handle them. After that you can choose to go into whatever specialisation you wish to.