Security and compliance
Answer:
The first step is for you to decide which path you want to follow among these general fields: security management, security assurance (i.e., security audit), or technical security, and this last one has many subfields (e.g., software development, security operation, etc.). Once you have decided on this path, there are many certifications available for each field (e.g., CISM for security management, CISA for security assurance, and CISSP for overall technical security).
Considering specifically an ISO 27001 career, you can follow:
- ISO 27001 Lead Implementer – this certification recognizes people who have competency in the ISO 27001 implementation process.
- ISO 27001 Lead Auditor – this certification recognizes people who have competency in auditing an ISMS against ISO 27001 requirements and want to become certification auditors (and with this provides more confidence to an organization for being certified).
These articles will provide you further explanation about ISO 27001 personal certifications:
- What does ISO 27001 Lead Implementer training look like? https://advisera.com/27001academy/blog/2016/11/28/what-does-iso-27001-lead-implementer-training-look-like/
- What does ISO 27001 Lead Auditor training look like? https://advisera.com/27001academy/blog/2016/08/29/what-does-iso-27001-lead-auditor-training-look-like/
- Lead Auditor Course vs. Lead Implementer Course – Which one to go for? https://advisera.com/27001academy/blog/2014/06/16/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for/
This material will also help you regarding ISO 27001 personal certifications:
- ISO 27001 Lead Auditor Course preparation training [free webinar on demand] https://advisera.com/training/iso-27001-lead-auditor-course/
For courses related to these certifications, please see:
- ISO 27001:2013 Lead auditor course https://advisera.com/training/iso-27001-lead-auditor-course/
- ISO 27001:2013 Lead implementer course https://advisera.com/training/iso-27001-lead-implementer-course/
Thank you for your detailed response.
What is the difference between ISO 27001:2013 Internal Auditor and ISO 27001 Lead Auditor?
Answer:
ISO 27001 Internal Auditor is someone with competence to audit an ISMS against ISO 27001 so he/she can perform audits for his/her organization, while the ISO 27001 Lead Auditor is someone who has competency in auditing an ISMS against ISO 27001 requirements and is qualified to become a certification auditor (i.e., capable of working for a certification body).
These articles will provide you further explanation about personal certifications:
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
- ISO 27001 Internal Auditor training – Is it good for my career? https://advisera.com/27001academy/blog/2016/03/29/iso-27001-internal-auditor-training-is-it-good-for-my-career/
These materials will also help you regarding internal audit training:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
- ISO 27001:2013 Lead Auditor Course https://advisera.com/training/iso-27001-lead-auditor-course/
Aug 22, 2019