Senior Cybersecurity & ISO 27001 Lead


Job Description


Senior Cybersecurity & ISO 27001 Specialist (ISMS & Assurance) 


Location: Mauritius

Department: Cybersecurity Governance, Risk & Compliance (GRC) 

Company: Westzane Security Ltd 


About Westzane Security Ltd 


Westzane Security Ltd, a subsidiary of Westzane Holding Ltd, delivers nation-scale cybersecurity, compliance, and assurance solutions to governments, financial institutions, and defense-aligned organizations across the African Union. Our clients operate under strict regulatory, national security, and compliance mandates, where cybersecurity must be both technically sound and formally certified. We support organizations not only in securing their environments, but in achieving globally recognized cybersecurity certifications that withstand regulatory and audit scrutiny. As part of this mission, we are seeking a Senior Cybersecurity & ISO 27001 Lead to drive end-to-end ISMS implementation and certification, while also contributing as a senior cybersecurity authority.


Role Positioning (Critical) 


This is not a pure compliance or documentation role. This role exists to: 

  • Make organizations ISO 27001 certified from zero to certification 
  • Act as the primary ISMS authority for Westzane and its clients 
  • Bridge technical security controls with regulatory and audit requirements 
  • Operate confidently with government agencies, regulators, and certification bodies 


The role is intentionally dual-purpose:

  • Primary: ISO 27001 / ISMS leadership 
  • Secondary: Cybersecurity governance, risk, and control validation 


Role Overview 


The Senior Cybersecurity & ISO 27001 Lead will own the design, implementation, certification, and ongoing management of Information Security Management Systems (ISMS) for Westzane Security Ltd and its government and enterprise clients. 

You will lead organizations through the full ISO 27001 lifecycle—from gap assessment and risk treatment to internal audits, external audits, and surveillance cycles—while ensuring that security controls are technically real, not theoretical.

This role is highly client-facing and requires prior experience working with government bodies, regulators, or highly regulated enterprises.


Key Responsibilities 


1. ISO 27001 / ISMS Leadership (Primary Responsibility) 

  • Lead end-to-end ISO/IEC 27001 implementation for clients and internal environments. 
  • Conduct ISO 27001 gap assessments, readiness assessments, and risk assessments. 
  • Define and implement:
      ◦ ISMS scope and boundaries
      ◦ Risk assessment and treatment methodologies
      ◦ Statement of Applicability (SoA)
      ◦ Policies, procedures, and control frameworks
  • Prepare organizations for Stage 1 and Stage 2 certification audits.
  • Act as the primary point of contact with certification bodies and auditors.
  • Manage surveillance audits, re-certification cycles, and continual improvement programs.


2. Cybersecurity Governance & Control Validation 

  • Map ISO 27001 controls to:
      ◦ NIST CSF
      ◦ SOC 2
      ◦ PCI DSS
      ◦ GDPR
  • Validate the technical effectiveness of implemented controls (not just documentation).
  • Work closely with Security Engineers and Analysts to ensure:
      ◦ Controls are technically implemented
      ◦ Evidence is audit-ready and regulator-grade
  • Support secure policy development across:
      ◦ Network security
      ◦ Access control
      ◦ Incident response
      ◦ Asset management
      ◦ Supplier and third-party risk


3. Government & Regulated Client Engagements 

  • Deliver ISO and cybersecurity assurance programs for:
      ◦ Government agencies
      ◦ Regulators
      ◦ Financial institutions
      ◦ State-owned and critical infrastructure organizations
  • Operate within strict compliance, confidentiality, and audit requirements.
  • Translate regulatory expectations into practical, implementable security controls.


4. Internal Audit & Risk Management 

  • Design and execute internal ISMS audits.
  • Lead management reviews, risk committee sessions, and corrective action tracking. 
  • Define KPIs, KRIs, and continuous improvement metrics. 
  • Support incident reviews from an ISMS and compliance perspective. 


5. Advisory & Leadership Responsibilities 

  • Act as the ISO 27001 Subject Matter Expert (SME) across Westzane. 
  • Advise leadership on cyber risk, compliance posture, and certification strategy.
  • Mentor junior GRC and compliance analysts. 
  • Support proposals, RFPs, and client assurance discussions. 


Required Qualifications 


Experience 

  • 8–12 years of experience in Cybersecurity, GRC, or Information Security Management.
  • Proven track record of leading organizations to ISO/IEC 27001 certification (mandatory).
  • Prior experience working with:
      ◦ Government agencies, or
      ◦ Regulators, or
      ◦ Highly regulated enterprise clients (financial, telecom, defense).
  • Experience handling external auditors and certification bodies independently.


Education 

  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT, or related fields.


Certifications (Mandatory / Strongly Preferred) 

  • ISO/IEC 27001 Lead Implementer (mandatory) 
  • ISO/IEC 27001 Lead Auditor (strong advantage) 
  • Additional certifications preferred:
      ◦ CISSP / CISM
      ◦ CRISC
      ◦ ISO 22301 (BCMS)


Technical & Governance Skills 

  • Deep understanding of ISO 27001 Annex A controls 
  • Risk assessment and treatment methodologies 
  • Policy and procedure development 
  • Internal and external audit management 
  • Evidence collection and audit defense 
  • Familiarity with security tooling and controls (SIEM, IAM, IR, asset management) 


Soft Skills 

  • High credibility with auditors, regulators, and senior leadership. 
  • Strong documentation and presentation skills. 
  • Ability to balance compliance requirements with operational realities.
  • High ownership, independence, and integrity. 


What We Offer 

  • Senior compensation with relocation support to Mauritius.
  • Ownership of ISO certification programs for government and sovereign clients.
  • Authority to define ISMS and compliance standards across engagements. 
  • Long-term growth into Chief Information Security Officer (CISO – GRC), Principal GRC Architect, or Assurance Director roles. 
  • Exposure to international government and regulated environments.


Join Westzane Security Ltd 

This role is for professionals who have personally taken organizations through ISO 27001 certification, understand both security controls and audit realities, and can operate confidently in government and regulated environments. If you are capable of making organizations measurably secure and formally certified, Westzane Security Ltd wants you.

