Skip to main content

How to become a certified ISO 27001 Lead Implementer in Australia

By the Aegentra Security Team — NV1-cleared ISO 27001 practitioners · Published 7 July 2026

People searching this mean one of two different things — certifying their company, or certifying themselves. This guide covers the second: earning the individual PECB Lead Implementer credential, the exact experience and ISMS project hours each tier needs, the exam, the cost, and the jobs it opens in Australia.

To become a PECB Certified ISO 27001 Lead Implementer you complete the Lead Implementer training, pass the PECB exam, then hold five years of professional experience (two in information security) and 300 hours of ISMS project activity. Lower tiers need less — the Provisional credential needs only the exam. Aegentra Academy runs the official course online and in Melbourne, Sydney & across Australia for $849 AUD + GST, with the exam voucher and a free 12-month resit included.

Certifying your company vs certifying yourself

These are two different things. Certifying your company means building an Information Security Management System (ISMS) and passing a Stage 1 and Stage 2 audit by a JAS-ANZ-accredited body — the outcome is an organisational certificate (covered in our ISO 27001 certification guide). Certifying yourself means earning an individual professional credential — PECB Certified ISO 27001 Lead Implementer — that proves you personally can plan and run an ISMS. This guide is about certifying yourself.

What an ISO 27001 Lead Implementer does

A Lead Implementer builds and runs the ISMS — defining scope, running the risk assessment, producing the Statement of Applicability, implementing the Annex A controls, writing policies, training staff, and steering the organisation through internal audit and management review up to the certification audit. It is the person who gets an organisation audit-ready, not the person who audits it (that is the Lead Auditor).

The step-by-step pathway

  1. Build the foundations (optional). If ISO 27001 is new to you, start with the ISO 27001 Foundation course.
  2. Take the Lead Implementer course. The official PECB course teaches you to plan, deploy, and run an ISMS end to end.
  3. Pass the PECB exam. A scenario-based exam — pass it and you earn the Provisional Implementer credential immediately, with no experience required.
  4. Log your experience and project hours. Upgrade to higher tiers as you accumulate professional experience and hours on real ISMS projects.
  5. Sign the Code of Ethics and get credentialed. Every tier requires signing the PECB Code of Ethics; PECB verifies your application and issues a verifiable digital credential.

Credential tiers and the experience each requires

All four tiers sit the same PECB exam. What separates them is the experience and hours of hands-on ISMS work you can evidence.

Credential tierTotal experienceIn information securityISMS project hours
Provisional ImplementerNone0
Implementer2 years1 year200
Lead Implementer5 years2 years300
Senior Lead Implementer10 years7 years1,000

Requirements are set by PECB — see the official ISO/IEC 27001 Lead Implementer credential page.

The ISMS experience that counts

Project-activity hours mean hands-on ISMS work: running a risk assessment, drafting the Statement of Applicability, implementing and documenting Annex A controls, writing policies, preparing evidence, conducting an internal audit, and supporting a certification audit. If you work in GRC, compliance, or IT security, you are already banking these hours — you just need to log them.

Jobs and indicative salaries in Australia

The Lead Implementer credential maps onto some of the best-paid roles in Australian tech. Ranges below are indicative AUD base salaries drawn from public Australian salary guides — a guide to the market, not a quote.

RoleIndicative AUD base
GRC / Security Analyst$95k–$130k
ISO 27001 Consultant / Lead Implementer$120k–$170k
Compliance / Risk Manager$130k–$175k
Information Security Manager (ISMS owner)$140k–$190k
vCISO / Head of Security$180k–$260k

Why demand is rising in Australia

ISO 27001 is now the default security qualifier in Australian procurement. More than 70,000 organisations worldwide hold the standard (ISO Survey), and Australian demand is driven by the ASD Essential Eight, APRA CPS 234, the SOCI Act, and enterprise and government procurement that asks suppliers for an ISO 27001 certified ISMS. Every one of those creates demand for people who can build the ISMS — exactly what the Lead Implementer credential proves.

Frequently asked questions

What is the difference between certifying my company and certifying myself?

They are two separate things. Certifying your company means building an Information Security Management System (ISMS) and passing a Stage 1 and Stage 2 audit by a JAS-ANZ-accredited certification body — the outcome is an organisational ISO 27001 certificate. Certifying yourself means earning an individual professional credential (PECB Lead Implementer) that proves you personally can do the work.

Do I need experience to become an ISO 27001 Lead Implementer?

Not to start. If you pass the exam you earn the Provisional Implementer credential with no experience required. The Lead Implementer tier specifically requires five years of professional experience (two in information security) plus 300 hours of ISMS project activity, which you accumulate over time while working.

How many hours of experience do I need?

It depends on the tier: Implementer needs 200 hours of ISMS project activity, Lead Implementer needs 300 hours, and Senior Lead Implementer needs 1,000 hours. Project activity means hands-on ISMS work — risk assessment, Statement of Applicability, implementing Annex A controls, internal audit, and supporting a certification audit.

Do I need the Foundation course first?

No, it is not mandatory — you can enrol directly in the Lead Implementer course. But if ISO 27001 is new to you, the Foundation course makes the Lead Implementer material much easier to absorb.

How much does it cost and how long does it take?

Aegentra Academy runs the official PECB Lead Implementer course for $849 AUD + GST, including the exam voucher and one free resit within 12 months. It is self-paced online (typically 30 to 40 hours of study) or instructor-led, and you can be exam-ready in a few weeks.

Is the PECB credential internationally recognised?

Yes. PECB is accredited by ANAB (the ANSI National Accreditation Board) under ANSI/ASTM E2659-18, so the credential is recognised on resumes, tenders, and procurement panels worldwide.

Ready to start? Aegentra Academy runs the official PECB ISO 27001 Lead Implementer course for $849 AUD + GST, exam voucher and free resit included. More field notes are on the Aegentra Insights hub.