Skip to main content

ISO 27001 Lead Auditor — Sydney & Melbourne

eLearning delivered by PECB master trainers Carl Carpenter, Graeme Parker, Nathalie Claes · Online-live & in-person led by Aegentra's NV1-cleared, ISO 27001-certified instructors · Aegentra Academy

Develop the expertise to plan, conduct, and report on ISO/IEC 27001 audits. Covers audit principles, evidence gathering, nonconformity classification, third-party and supplier audits, and the certification audit process.

ISO 27001 Lead Auditor course — $849 AUD, PECB-certified. The Aegentra Academy ISO 27001 Lead Auditor is a PECB-accredited, self-paced online program priced at $849 AUD, including the official PECB exam voucher and one free resit within 12 months. Instructor-led cohorts are also available in Melbourne and Sydney. Aegentra Academy is an official PECB authorised training partner in Australia.

This PECB-accredited course is sold and supported by Aegentra Academy — an official PECB authorised training partner in Australia. Every enrolment includes the official PECB certification exam voucher and one free resit within 12 months of purchase. Courses run online and self-paced through the myPECB platform; instructor-led cohorts and in-person delivery are also available in Melbourne and Sydney.

PECB is accredited by ANAB (ANSI National Accreditation Board) under ANSI/ASTM E2659-18, plus UKAS, IAS, and COFRAC. Your PECB credential is internationally recognised and accepted on resumes, tender responses, and procurement panels worldwide. Verify credentials through the official PECB partner directory.

Aegentra Academy courses are delivered by active practitioners — the same senior engineers who run ISO 27001 readiness and GRC engagements and Microsoft 365 hardening for Australian SMBs. Tax invoices with GST and ABN are issued automatically at checkout. Multi-seat team pricing is available — email Academy@aegentra.com.au for an enterprise quote. Professionals across Melbourne, Sydney, Brisbane, Perth, Adelaide, Canberra, and New Zealand enrol online.

Where ISO 27001 lands in Australia

ISO 27001 is the de facto security qualifier for Australian procurement. Defence-industry suppliers building toward Defence Industry Security Program (DISP) membership, Commonwealth and state tenders referencing the Protective Security Policy Framework (PSPF) at Maturity Level 2 and above, APRA-regulated banks, insurers, and super funds evidencing CPS 234, and operators captured by the Security of Critical Infrastructure (SOCI) Act all lean on ISO 27001 as the implementation template. It maps cleanly onto the ACSC Essential Eight — the Essential Eight tells you what to do, ISO 27001 tells you how to run the system that decides what to do.

Employers hiring GRC analysts, internal auditors, ISMS coordinators, and security-cleared compliance staff across Melbourne, Sydney, Brisbane, Canberra, Perth, and Adelaide list ISO 27001 credentials as expected. The PECB credential earned here is the internationally recognised, ANAB-accredited qualification those roles ask for.

Who teaches this course

The self-paced eLearning for the ISO 27001 Lead Auditor course is delivered by the following PECB-certified master trainers. Online-live and in-person cohorts in Melbourne and Sydney are led by Aegentra's own NV1-cleared, ISO 27001-certified instructors.

Carl Carpenter — Cybersecurity Professional & Penetration Tester

ISO/IEC 27001 Senior Lead Auditor, CISA, CISM, PCI-QSA. A highly experienced cybersecurity professional and penetration tester with deep expertise across regulated environments — CMMC, HIPAA, PCI, FFIEC, CCPA, and GDPR. A certified auditor and instructor holding ISO/IEC 27001 Senior Lead Auditor, CISA, CISM, and PCI-QSA, and a Cisco, Microsoft, CompTIA, and PECB-certified specialist.

Graeme Parker — Cybersecurity & Information Security Expert

PECB Certified Trainer, ISO 27001, ISO 22301, ISO 42001. A Security, Technology, Risk, and Compliance professional with vast experience across private and public sector roles spanning financial services, government, manufacturing, healthcare, and retail. A certified PECB trainer delivering ISO/IEC 27001, ISO 22301, ISO/IEC 42001, CISSP, CISM, and CISA courses globally across the UK, USA, Canada, and Europe.

Nathalie Claes — Security Governance Expert & Management Consultant

CISO-as-a-Service, Compliance & Risk, DPO. A Security Governance expert and management consultant with over a decade of international experience leading complex security projects. She delivers CISO-as-a-service, senior compliance and risk management, and DPO services, and coaches organisations through growth and restructuring to build resilient, future-ready teams.

For the full certification landscape — process, costs, timelines, and how this course fits into a wider readiness program — read the ISO 27001 Certification Australia: A Complete Guide (2026).

ISO 27001 Lead Auditor — Frequently Asked Questions

What does the PECB ISO 27001 Lead Auditor course cover?

Six modules covering the foundations of auditing under ISO 19011, audit planning and resource allocation, the on-site audit programme (opening meeting, evidence gathering, document review), nonconformity classification and finding-writing, the stage 1 / stage 2 / surveillance / recertification audit cycle, and certification-body practice. Total effort is 30-40 hours of self-paced study.

Do I need Lead Implementer before taking Lead Auditor?

No. Lead Auditor is a self-contained credential. That said, many practitioners take Lead Implementer first because the build-side knowledge makes them sharper auditors — you can see when a control is evidenced only on paper. The opposite progression (Auditor → Implementer) is also common for ex-certification-body staff moving into implementation roles.

How is the Lead Auditor exam structured?

Three hours, open-book, mixed multiple-choice and scenario-based questions across seven competency domains. Pass mark is 70%. The credential awarded depends on attested professional audit experience — Provisional Auditor (no experience), Auditor (2 years), Lead Auditor (5 years with 300 hours leading audits), or Senior Lead Auditor (10 years).

What makes the Aegentra Lead Auditor course different?

Every authorised PECB Lead Auditor course leads to the same credential — the certificate is identical wherever you buy it. The differences are price, format, and who is teaching. Aegentra delivers Lead Auditor at $849 AUD (self-study) or $928 AUD (eLearning) with the exam voucher and one free resit included. The material and Australian-context audit references are drawn from the practice of NV1-cleared security engineers who run real assurance and readiness programs across Sydney and Melbourne.

Can I become a third-party certification-body lead auditor with this credential?

Yes — Lead Auditor is the personnel-competency credential certification bodies look for. Certification bodies will still run their own onboarding programme (witness audits, internal calibration, code of conduct), but PECB Lead Auditor (or the equivalent IRCA credential) satisfies the certification-body-personnel competency requirement of ISO/IEC 17021-1.

What is the difference between Lead Auditor and Lead Implementer?

Lead Implementer is the build-side credential — designing and operating an ISMS from a blank sheet of paper. Lead Auditor is the verification-side credential — planning, conducting, and reporting on audits against ISO 27001. The two are deliberately separate skill sets governed by different competency frameworks. Many practitioners hold both; few do them in the same year.

Does Lead Auditor cover first-, second-, and third-party audits?

Yes. The course explicitly covers all three audit types — first-party (internal audits inside your own organisation), second-party (supplier and contractor audits), and third-party (certification-body audits leading to issuance of an ISO 27001 certificate). The credential qualifies you for all three contexts, subject to attested professional experience.

Will Lead Auditor help me work on JAS-ANZ accredited audits?

Yes. JAS-ANZ accreditation requires certification bodies to staff audit teams with appropriately competent auditors per ISO/IEC 17021-1. PECB Lead Auditor is one of the two globally recognised credentials that meet this competency requirement (IRCA is the other). Holding Lead Auditor is the standard entry credential for an Australian certification-body assessment team.

Is the exam included in the $849 AUD price?

Yes. The official PECB Lead Auditor exam voucher plus two exam attempts (initial sit plus one free resit if you do not pass first time) are included. There is no separate exam fee.

How long does the Lead Auditor course take?

Typical effort is 30-40 hours of self-paced study spread over four to six weeks. You have 12 months of myPECB access so the pace is yours. Most working professionals complete it in 6-8 weeks of evenings; a focused full-time week is also feasible.

What CPD credits do I earn?

PECB awards 31 CPD credits on completion of the ISO 27001 Lead Auditor course. These count toward CPD requirements at ISACA, (ISC)², IIA, AISA, and other professional bodies on submission, and toward maintenance of other PECB credentials.

Does Lead Auditor expire?

The certification level requires ongoing CPD credits to maintain (typically 20 per year via the PECB CPD scheme). Active lead-auditor practice (hours leading audits) is also tracked at the higher credential levels. PECB notifies you ahead of the renewal window.

Can I deliver internal audits using this credential alone?

Yes. Lead Auditor qualifies you to plan and conduct internal audits inside your own organisation, regardless of attested external experience. The internal audit programme is one of the most common starting points for Lead-Auditor-credentialled practitioners.

Can my employer pay or reimburse?

Yes. Either complete checkout yourself and forward the Stripe tax invoice for reimbursement, or write to Academy@aegentra.com.au and we will issue an invoice direct to your organisation with payment terms. Groups of five or more receive a discount.

When can I start the course?

Immediately after payment. The Academy team confirms your seat with PECB and you receive login details by email — usually within one business day.

How long do I have access to the course?

You have 12 months of access from enrolment. That window covers the course material, the official PECB exam, and one free resit if you need it.

What if I fail the exam?

One PECB-issued resit is included in your enrolment at no extra cost. Most learners who use the included study materials and sit the resit within 30 days pass on their second attempt.

Can my employer be invoiced directly?

Yes. Either complete the checkout yourself and forward the Stripe tax invoice to your employer for reimbursement, or write to Academy@aegentra.com.au and we will issue an invoice to your organisation with payment terms.

Is the credential recognised internationally?

Yes. PECB is an accredited certification body recognised globally. The credential is the same one issued through any authorised PECB training partner — recognised by employers, audit bodies, and government tenders worldwide.

Do you offer group bookings for teams?

Yes. Groups of five or more receive a discount and can be enrolled with a single invoice. Write to Academy@aegentra.com.au with the course, number of seats, and start window.

What is your refund policy?

All enrolments are non-refundable. Once payment is confirmed your PECB seat is provisioned and the course materials become available, so refunds cannot be issued. Please review the course details carefully before purchase, and email Academy@aegentra.com.au if you have questions before enrolling.