ISO/IEC 27005 Risk Manager
Build the skill to manage information security risk in line with ISO/IEC 27005, the methodology that underpins every ISMS and forms the basis of the risk assessments that ISO 27001, NIS2 and DORA require.
Who is this course for?
- Consultants and analysts who carry out security risk assessments
- Security managers who need to justify their decisions on a risk basis
- Auditors and compliance professionals (NIS2, DORA, ISO 27001)
- Anyone who wants to master the risk assessment methodology underpinning every ISMS
What you'll gain
- The PECB Certified ISO/IEC 27005 Risk Manager credential, recognised internationally
- Command of the full risk management process: identify, analyse, evaluate and treat
- The ability to apply the methodology in ISO 27001, NIS2 and DORA projects
- The criteria to justify security decisions before management and auditors
Course programme
Day 1 · Fundamentals and framework of risk management
- Information security risk concepts; ISO/IEC 27005 and ISO 31000
- Establishing the context and risk criteria
- Relationship with the ISO/IEC 27001 ISMS
Day 2 · Risk identification, analysis and evaluation
- Identifying assets, threats and vulnerabilities
- Risk analysis and estimation; qualitative and quantitative approaches
- Risk evaluation and prioritisation
Day 3 · Treatment, acceptance and exam
- Risk treatment options and the treatment plan
- Risk acceptance, communication and monitoring
- Review and official "PECB Certified ISO/IEC 27005 Risk Manager" exam
Exam, credits & certification
Once you pass the exam, you can apply for the "PECB Certified ISO/IEC 27005 Risk Manager" credential. The exam fee covers two attempts: a first sitting plus one free retake, to be used within the following 12 months, so passing first time is not a source of pressure. CPD credits are awarded according to the course level, as defined by PECB. The stated exam duration is indicative; ask me for the exact details when you enrol.
Your trainer
Ricardo Coronel Lemus
More than 20 years in cybersecurity and compliance, today a vCISO and GRC consultant with real clients in France, Spain and Mexico. This is a standard I teach as a PECB Certified Trainer, and I don't approach it theoretically: I apply it day to day with real clients — that's what I bring to my coaching and exam preparation.
Frequently asked questions
Do I need any prerequisites?
What language is the exam in?
What is the difference between Self-Study and Self-Study + Coaching?
What if I don't pass the exam?
What is this certification for?
Ready to get certified in ISO 27005?
Choose your option above and enrol online. A question or need some advice? Write to me or book a call.