ISO 27001 jobs – who, what, and where

With ISO 27001 being acknowledged as the de facto global information security management standard, it’s not surprising that ISO 27001 certificates are the key to building a successful career in information security management. Annual salaries for cybersecurity jobs in the US requiring ISO 27001 qualifications start at $70,000 and rise to $120,000.

So how many IT jobs are we talking about?

This morning (March 31), I logged into LinkedIn Jobs and typed the obvious search terms ‘ISO 27001’ and ‘United States’. The results displayed 1,084 open positions, with 986 of these being posted in the last month alone. Even assuming that some of these jobs remain unfilled, this could indicate that over 11,000 new jobs requiring an ISO 27001 qualification may be posted over a 12-month period!

Who needs these people?

The great thing about job postings on LinkedIn is that the positions are usually listed by the companies themselves. You can see that Microsoft, Amazon, Salesforce, Qualcomm, Bose, and McKinsey all require ISO 27001-certified staff immediately.

What are these roles?

While the dominant role advertised is that of information security manager, it’s very interesting to see vacancies in data center operations, product management, VP marketing, sales management, and business analysis.

Where are these firms?

Companies on the east and west coasts are more commonly advertising these roles, and this is consistent with the focus on cybersecurity and its management in the industry sectors that thrive in these areas:

  1. IT technology and services
  2. Financial services (banks/insurance)
  3. Healthcare
  4. Marketing/data processing
  5. Law firms
  6. Telco and Internet service providers

New York has a special need

In the New York area, as financial services organizations come to terms with the complex and demanding requirements of the new NYDFS cybersecurity regulation, it is becoming clear that there is an urgent need to recruit and train specialist information security staff. Implementing an information security management system that complies with ISO 27001 is a foolproof way of complying with the Regulation and ensuring a firm fully mitigates the risks associated with cyber crime.

How can you get started?

The quickest and most effective way to get started on implementing ISO 27001 or becoming an ISO 27001 specialist is to attend the ISO27001 Certified ISMS Foundation and Lead Implementer Combination Online training course.

Designed for those based in the USA, and delivered online by ISO 27001 experts, this four-day training session provides a complete introduction to the requirements of ISO 27001, and covers all of the activities required to plan, implement, and maintain an ISO 27001-compliant information security management system. It also provides the opportunity for attendees who pass the included examination to obtain their first industry-recognized ISO 27001 qualification.


Receive a complimentary ISO 27001 book set with purchase of the ISO27001 Foundation and Lead Implementer Combination Online Course. Simply enter the code 4JulyISOCombo at checkout.