ISO 27005 Lead Risk Manager — Information Security Risk Management

Duration: From 3 days
Study Mode: Classroom / Online
Next Date: 18/02/2026 (Wednesday)

Overview

Firebrand is a PECB Titanium Partner.

This intensive 3-day course is tailored for professionals aiming to lead and manage advanced Information Security Risk Management programs.

Anchored in the ISO/IEC 27005:2022 standard and aligned with ISO 31000 principles, it equips participants with the expertise to design, implement, and oversee Risk Management frameworks that support ISO/IEC 27001 compliance.

Led by experienced PECB-certified instructors, the training offers in-depth insights into Risk Management strategies, leadership responsibilities, and the integration of risk practices into broader business objectives. Participants will gain practical experience with globally recognized risk assessment methodologies, including OCTAVE, EBIOS, MEHARI, NIST, CRAMM, and Harmonized TRA—ensuring a well-rounded understanding of diverse risk approaches.

Upon successful completion of the course and exam, participants will earn the official PECB ISO/IEC 27005 Lead Risk Manager certification, validating their ability to lead Risk Management initiatives and apply best practices in complex, real-world environments.

Throughout this course, you'll learn to:

  • Explain the Risk Management concepts and principles based on ISO/IEC 27005 and ISO 31000
  • Establish, maintain, and continually improve an Information Security Risk Management framework based on the guidelines of ISO/IEC 27005 and best practices
  • Apply Information Security Risk Management processes based on the guidelines of ISO/IEC 27005
  • Plan and establish risk communication and consultation activities
  • Record, report, monitor, and review the Information Security Risk Management process and framework

With Firebrand’s Lecture | Lab | Review methodology, you’ll certify at twice the speed of traditional training while gaining access to official courseware, expert instruction, and an immersive, distraction-free learning environment.

As part of the course, you’ll take the official ISO/IEC 27005 Lead Risk Manager exam, backed by the Firebrand Certification Guarantee for added confidence. Additionally, upon certification, you’ll earn a digital badge, enhancing your professional credibility in Information Security Risk Management.

Why choose Firebrand?

  • Flexible Delivery Options: Choose between classroom-based training and virtual instructor-led sessions to suit your needs and schedule
  • Comprehensive Certification Preparation: Covers the PECB exam topics with integrated study materials and practice exercises
  • Interactive Learning: Includes workshops, case studies, and group discussions to apply concepts practically
  • Experienced Instructors: Led by certified trainers with extensive industry experience

Audience

This training course is intended for:

  • Managers or consultants involved in or responsible for Information Security in an organization
  • Individuals responsible for managing Information Security risks, such as ISMS professionals and risk owners
  • Members of Information Security teams, IT professionals, and privacy officers
  • Individuals responsible for maintaining conformity with the Information Security requirements of ISO/IEC 27001 in an organization
  • Project Managers, consultants, or expert advisers seeking to master the management of Information Security risks

Curriculum

  • Introduction
  • Standards and regulatory frameworks
  • Fundamental concepts and principles of Information Security Risk Management
  • Risk Management
  • Context establishment
  • Risk identification
  • Risk Analysis
  • Risk evaluation
  • Risk treatment
  • Information Security risk acceptance
  • Information Security risk communication and consultation
  • Information Security risk monitoring and review
  • OCTAVE and MEHARI methodologies
  • EBIOS method
  • NIST Framework
  • CRAMM and TRA methods
  • Exam Preparation

Exam Track

At the end of this course, you'll sit the official PECB Certified ISO/IEC 27005 Lead Risk Manager examination, covered by the Firebrand Certification Guarantee.

  • Duration: 180 minutes (3 hours)
  • Format: Multiple-choice questions, open-book
  • Number of Questions: 80
  • Pass Score: 70%
  • CPD points: 31 CPD points awarded upon completion
  • Digital Badge: PECB have partnered with Credly to offer you the chance of earning a digital badge upon completing your certification.

Competency domains covered during the examination include:

  • Domain 1: Fundamental principles and concepts of Information Security Risk Management
  • Domain 2: Implementation of an Information Security Risk Management program
  • Domain 3: Information Security risk assessment
  • Domain 4: Information Security risk treatment
  • Domain 5: Information Security risk communication, monitoring, and improvement
  • Domain 6: Information Security risk assessment methodologies

After passing the exam, you can apply for the credential. PECB issues the certificate once you meet the requirements attached to that credential.

Prerequisites

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of Risk Management and Information Security.

What's Included

Exam and certification fees are included in the training price.

You’ll also receive the following as part of the course:

  • A student manual containing over 450 pages of information and practical examples
  • A participation certificate of 31 CPD (Continual Professional Development) credits

Benefits

Seven reasons why you should sit your course with Firebrand Training

  • Two training options. Choose between residential classroom-based and online courses
  • You'll be certified fast. With us, you’ll be trained in record time
  • Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
  • Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  • You’ll learn more. A day with a traditional training provider generally runs 9am–5pm, with a nice long break for lunch. With Firebrand, you’ll get at least 12 hours/day of quality learning time with your instructor
  • You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  • You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals

*For residential training only. Doesn't apply to online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts
