Senior Cybersecurity & ISO 27001 Specialist

Westzane Security Ltd, a subsidiary of Westzane Holding Ltd, delivers nation-scale cybersecurity, compliance, and assurance solutions to governments, financial institutions, and defense-aligned organizations across the African Union. Our clients operate under strict regulatory, national security, and compliance mandates, where cybersecurity must be both technically sound and formally certified. We support organizations not only in securing their environments, but in achieving globally recognized cybersecurity certifications that withstand regulatory and audit scrutiny. As part of this mission, we are seeking a Senior Cybersecurity & ISO 27001 Lead to drive end-to-end ISMS implementation and certification, while also contributing as a senior cybersecurity authority.

Job Description

Role Positioning

This is not a pure compliance or documentation role. This role exists to: 

- Make organizations ISO 27001 certified from zero to certification 

- Act as the primary ISMS authority for Westzane and its clients 

- Bridge technical security controls with regulatory and audit requirements 

- Operate confidently with government agencies, regulators, and certification bodies 

The role is intentionally dual-purpose: 

- Primary: ISO 27001 / ISMS leadership 

- Secondary: Cybersecurity governance, risk, and control validation 


Role Overview 

The Senior Cybersecurity & ISO 27001 Lead will own the design, implementation, certification, and ongoing management of Information Security Management Systems (ISMS) for Westzane Security Ltd and its government and enterprise clients. 

You will lead organizations through the full ISO 27001 lifecycle—from gap assessment and risk treatment to internal audits, external audits, and surveillance cycles—while ensuring that security controls are technically real, not theoretical. 

This role is highly client-facing and requires prior experience working with government bodies, regulators, or highly regulated enterprises. 


Key Responsibilities 

1. ISO 27001 / ISMS Leadership (Primary Responsibility) 

- Lead end-to-end ISO/IEC 27001 implementation for clients and internal environments. 

- Conduct ISO 27001 gap assessments, readiness assessments, and risk assessments. 

- Define and implement:

  - ISMS scope and boundaries

  - Risk assessment and treatment methodologies

  - Statement of Applicability (SoA)

  - Policies, procedures, and control frameworks

- Prepare organizations for Stage 1 and Stage 2 certification audits. 

- Act as the primary point of contact with certification bodies and auditors. 

- Manage surveillance audits, re-certification cycles, and continual improvement programs. 

2. Cybersecurity Governance & Control Validation 

- Map ISO 27001 controls to:

  - NIST CSF

  - SOC 2

  - PCI DSS

  - GDPR

- Validate the technical effectiveness of implemented controls (not just documentation). 

- Work closely with Security Engineers and Analysts to ensure:

  - Controls are technically implemented

  - Evidence is audit-ready and regulator-grade

- Support secure policy development across:

  - Network security

  - Access control

  - Incident response

  - Asset management

  - Supplier and third-party risk

3. Government & Regulated Client Engagements 

- Deliver ISO and cybersecurity assurance programs for:

  - Government agencies

  - Regulators

  - Financial institutions

  - State-owned and critical infrastructure organizations

- Operate within strict compliance, confidentiality, and audit requirements. 

- Translate regulatory expectations into practical, implementable security controls. 

4. Internal Audit & Risk Management 

- Design and execute internal ISMS audits. 

- Lead management reviews, risk committee sessions, and corrective action tracking. 

- Define KPIs, KRIs, and continuous improvement metrics. 

- Support incident reviews from an ISMS and compliance perspective. 

5. Advisory & Leadership Responsibilities 

- Act as the ISO 27001 Subject Matter Expert (SME) across Westzane. 

- Advise leadership on cyber risk, compliance posture, and certification strategy. 

- Mentor junior GRC and compliance analysts. 

- Support proposals, RFPs, and client assurance discussions. 


Required Qualifications 

Experience 

- 8–12 years of experience in Cybersecurity, GRC, or Information Security Management. 

- Proven track record of leading organizations to ISO/IEC 27001 certification (mandatory). 

- Prior experience working with:

  - Government agencies, or

  - Regulators, or

  - Highly regulated enterprise clients (financial, telecom, defense).

- Experience handling external auditors and certification bodies independently. 


Education 

- Bachelor’s or Master’s degree in Cybersecurity, Information Security, IT, or related fields. 


Certifications (Mandatory / Strongly Preferred) 

- ISO/IEC 27001 Lead Implementer (mandatory) 

- ISO/IEC 27001 Lead Auditor (strong advantage) 

- Additional certifications preferred:

  - CISSP / CISM

  - CRISC

  - ISO 22301 (BCMS)


Technical & Governance Skills 

- Deep understanding of ISO 27001 Annex A controls 

- Risk assessment and treatment methodologies 

- Policy and procedure development 

- Internal and external audit management 

- Evidence collection and audit defense 

- Familiarity with security tooling and controls (SIEM, IAM, IR, asset management) 


Soft Skills 

- High credibility with auditors, regulators, and senior leadership. 

- Strong documentation and presentation skills. 

- Ability to balance compliance requirements with operational realities. 

- High ownership, independence, and integrity. 


What We Offer 

- Senior compensation with relocation support to Mauritius. 

- Ownership of ISO certification programs for government and sovereign clients. 

- Authority to define ISMS and compliance standards across engagements. 

- Long-term growth into Chief Information Security Officer (CISO – GRC), Principal GRC Architect, or Assurance Director roles. 

- Exposure to international government and regulated environments. 
