Role Overview We are seeking a highly experienced Information Security Manager to lead a team of (Senior) Security Engineers and (Senior) Information Security Analysts. This role oversees both technical cybersecurity services (offensive security, SOC/monitoring, vulner...

Role Overview

We are seeking a highly experienced Information Security Manager to lead a team of (Senior) Security Engineers and (Senior) Information Security Analysts. This role oversees both technical cybersecurity services (offensive security, SOC/monitoring, vulnerability management) and GRC/audit functions.

Key Responsibilities

1. Team Leadership & People Management

• Managed combined the local security Team in Mauritius
• Participate in hiring, onboarding, skills development, and succession planning.
• Manage performance evaluations, and workload distribution.
• Foster a culture of continuous improvement, innovation, and accountability.

2. Cybersecurity Program Management (Technical & GRC)

Lead and continuously improve major cybersecurity service lines, including:

Technical Security Programs 

• Offensive security services: penetration tests, Red/Purple Team exercises, configuration/hardening reviews.
• Vulnerability Management (full lifecycle): scanning, prioritization, remediation tracking, dashboards.
• Incident Response Oversight
• Endpoint & cloud monitoring: CrowdStrike, Microsoft EDR, NDR platforms, cloud security (e.g., Wiz).
• External attack surface monitoring (Shodan, BitSight, SecurityScorecard).

GRC, Compliance & Audit Programs 

• Governance, Risk & Compliance (ISO 27x, NIST, DORA, PCI-DSS).
• Implementation and continuous improvement of ISMS, BCMS, PIMS.
• Oversight of internal/external audits, certification programs, customer audits.
• Policy, standards, and SOP lifecycle management.
• Vendor Risk Management and customer due-diligence questionnaire oversight.

3. Service Delivery & Client Engagement

• Act as primary escalation point for technical, operational, risk, or compliance matters.
• Oversee end-to-end delivery of:
  • Penetration test reports
  • Security assessments & maturity evaluations
  • Vulnerability reports & dashboards
  • Incident reports & threat analysis
  • GRC deliverables (KPIs/KRIs, risk reports, policy packs, audit documentation)
• Participate in executive-level presentations and security advisory sessions.
• Ensure service SLAs, KPIs, and quality standards are consistently met.

4. Security Strategy, Roadmap & Architecture

• Maintain the multi-year cybersecurity roadmap covering both technical and GRC domains.
• Evaluate and select cybersecurity tools, platforms, and services.
• Define KPIs, KRIs, operational benchmarks, and maturity targets.
• Contribute to ELCA’s global security architecture and governance recommendations.

5. Compliance, Risk & Audit Management

• Oversee and maintain adherence to ISO 27x standards
• Coordinate internal audits, external certification audits, and customer audit programs.
• Ensure the risk management framework is continuously updated and aligned with evolving threats and regulatory needs.

6. Stakeholder & Cross Department Collaboration

• Work closely with global teams across: IT, Cloud, Networks, Architecture, Engineering, Project Teams, and Business units.
• Provide reporting line with clear risk, security, and compliance updates.
• Liaise with local & Swiss leadership and actively contribute to ensure alignment with strategic objectives.

Required Skills & Qualifications

• Degree in Cybersecurity, Computer Science, or related field.
• 8 -10 years experience in cybersecurity roles, including at least 3+ years in leadership.
• Strong experience across both technical cybersecurity and GRC/compliance domains.
• Required certifications: CISM and/or CISSP.
• Additional beneficial certifications:
  • PECB ISO 27001 Senior LI/LA, ISO 22301 Senior LI
• Strong understanding of offensive security, SOC operations, risk management, audit frameworks, and compliance requirements.
• Excellent communication, stakeholder management, conflict resolution, and decision-making skills.
• Proven experience managing multi-regional clients in a service-delivery model.
• Fluent in English and French (written and spoken).