Senior Cybersecurity & ISO 27001 Lead
Drive end-to-end ISMS implementation and certification, lead organizations through ISO 27001 lifecycle, and ensure security controls are technically real. Proven track record of leading organizations to ISO/IEC 27001 certification. 8-12 years of experience in Cybersecurity, GRC, or Information Security Management.
Job Description
Senior Cybersecurity & ISO 27001 Specialist (ISMS & Assurance)
Location: Mauritius (Hiring from India)
Department: Cybersecurity Governance, Risk & Compliance (GRC)
Company: Westzane Security Ltd
Westzane Security Ltd, a subsidiary of Westzane Holding Ltd, delivers nation-scale cybersecurity, compliance, and assurance solutions to governments, financial institutions, and defense-aligned organizations across the African Union.
Our clients operate under strict regulatory, national security, and compliance mandates, where cybersecurity must be both technically sound and formally certified. We support organizations not only in securing their environments, but in achieving globally recognized cybersecurity certifications that withstand regulatory and audit scrutiny.
As part of this mission, we are seeking a Senior Cybersecurity & ISO 27001 Lead to drive end-to-end ISMS implementation and certification, while also contributing as a senior cybersecurity authority.
This is not a pure compliance or documentation role.
This role exists to:
·      Make organizations ISO 27001 certified from zero to certification
·      Act as the primary ISMS authority for Westzane and its clients
·      Bridge technical security controls with regulatory and audit requirements
·      Operate confidently with government agencies, regulators, and certification bodies
The role is intentionally dual-purpose:
·      Primary: ISO 27001 / ISMS leadership
·      Secondary: Cybersecurity governance, risk, and control validation
The Senior Cybersecurity & ISO 27001 Lead will own the design, implementation, certification, and ongoing management of Information Security Management Systems (ISMS) for Westzane Security Ltd and its government and enterprise clients.
You will lead organizations through the full ISO 27001 lifecycle—from gap assessment and risk treatment to internal audits, external audits, and surveillance cycles—while ensuring that security controls are technically real, not theoretical.
This role is highly client-facing and requires prior experience working with government bodies, regulators, or highly regulated enterprises.
1. ISO 27001 / ISMS Leadership (Primary Responsibility)
·      Lead end-to-end ISO/IEC 27001 implementation for clients and internal environments.
·      Conduct ISO 27001 gap assessments, readiness assessments, and risk assessments.
·      Define and implement:
o  ISMS scope and boundaries
o  Risk assessment and treatment methodologies
o  Statement of Applicability (SoA)
o  Policies, procedures, and control frameworks
·      Prepare organizations for Stage 1 and Stage 2 certification audits.
·      Act as the primary point of contact with certification bodies and auditors.
·      Manage surveillance audits, re-certification cycles, and continual improvement programs.
·      Map ISO 27001 controls to:
o  NIST CSF
o  SOC 2
o  PCI DSS
o  GDPR
·      Validate the technical effectiveness of implemented controls (not just documentation).
·      Work closely with Security Engineers and Analysts to ensure:
o  Controls are technically implemented
o  Evidence is audit-ready and regulator-grade
·      Support secure policy development across:
o  Network security
o  Access control
o  Incident response
o  Asset management
o  Supplier and third-party risk
·      Deliver ISO and cybersecurity assurance programs for:
o  Government agencies
o  Regulators
o  Financial institutions
o  State-owned and critical infrastructure organizations
·      Operate within strict compliance, confidentiality, and audit requirements.
·      Translate regulatory expectations into practical, implementable security controls.
·      Design and execute internal ISMS audits.
·      Lead management reviews, risk committee sessions, and corrective action tracking.
·      Define KPIs, KRIs, and continuous improvement metrics.
·      Support incident reviews from an ISMS and compliance perspective.
·      Act as the ISO 27001 Subject Matter Expert (SME) across Westzane.
·      Advise leadership on cyber risk, compliance posture, and certification strategy.
·      Mentor junior GRC and compliance analysts.
·      Support proposals, RFPs, and client assurance discussions.
Experience
·      8–12 years of experience in Cybersecurity, GRC, or Information Security Management.
·      Proven track record of leading organizations to ISO/IEC 27001 certification (mandatory).
·      Prior experience working with:
o  Government agencies, or
o  Regulators, or
o  Highly regulated enterprise clients (financial, telecom, defense).
·      Experience handling external auditors and certification bodies independently.
·      Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT, or related fields.
·      ISO/IEC 27001 Lead Implementer (mandatory)
·      ISO/IEC 27001 Lead Auditor (strong advantage)
·      Additional certifications preferred:
o  CISSP / CISM
o  CRISC
o  ISO 22301 (BCMS)
·      Deep understanding of ISO 27001 Annex A controls
·      Risk assessment and treatment methodologies
·      Policy and procedure development
·      Internal and external audit management
·      Evidence collection and audit defense
·      Familiarity with security tooling and controls (SIEM, IAM, IR, asset management)
·      High credibility with auditors, regulators, and senior leadership.
·      Strong documentation and presentation skills.
·      Ability to balance compliance requirements with operational realities.
·      High ownership, independence, and integrity.
·      Senior compensation with relocation support to Mauritius.
·      Ownership of ISO certification programs for government and sovereign clients.
·      Authority to define ISMS and compliance standards across engagements.
·      Long-term growth into Chief Information Security Officer (CISO – GRC), Principal GRC Architect, or Assurance Director roles.
·      Exposure to international government and regulated environments.
This role is for professionals who have personally taken organizations through ISO 27001 certification, understand both security controls and audit realities, and can operate confidently in government and regulated environments.
If you are capable of making organizations measurably secure and formally certified, Westzane Security Ltd wants you.