Information Security Manager

Role OverviewWe are seeking a highly experienced Information Security Manager to lead a team of (Senior) Security Engineers and (Senior) Information Security Analysts. This role oversees both technical cybersecurity services (offensive security, SOC/monitoring, vulnerability management) and GRC/audit functions.Key Responsibilities1. Team Leadership & People Management Managed combined the local security Team in Mauritius Participate in hiring, onboarding, skills development, and succession planning. Manage performance evaluations, and workload distribution. Foster a culture of continuous improvement, innovation, and accountability. 2. Cybersecurity Program Management (Technical & GRC)Lead and continuously improve major cybersecurity service lines, including:Technical Security Programs  Offensive security services: penetration tests, Red/Purple Team exercises, configuration/hardening reviews. Vulnerability Management (full lifecycle): scanning, prioritization, remediation tracking, dashboards. Incident Response Oversight Endpoint & cloud monitoring: CrowdStrike, Microsoft EDR, NDR platforms, cloud security (e.g., Wiz). External attack surface monitoring (Shodan, BitSight, SecurityScorecard). GRC, Compliance & Audit Programs  Governance, Risk & Compliance (ISO 27x, NIST, DORA, PCI-DSS). Implementation and continuous improvement of ISMS, BCMS, PIMS. Oversight of internal/external audits, certification programs, customer audits. Policy, standards, and SOP lifecycle management. Vendor Risk Management and customer due-diligence questionnaire oversight. 3. Service Delivery & Client Engagement Act as primary escalation point for technical, operational, risk, or compliance matters. Oversee end-to-end delivery of: Penetration test reports Security assessments & maturity evaluations Vulnerability reports & dashboards Incident reports & threat analysis GRC deliverables (KPIs/KRIs, risk reports, policy packs, audit documentation) Participate in executive-level presentations and security advisory sessions. Ensure service SLAs, KPIs, and quality standards are consistently met. 4. Security Strategy, Roadmap & Architecture Maintain the multi-year cybersecurity roadmap covering both technical and GRC domains. Evaluate and select cybersecurity tools, platforms, and services. Define KPIs, KRIs, operational benchmarks, and maturity targets. Contribute to ELCA’s global security architecture and governance recommendations. 5. Compliance, Risk & Audit Management Oversee and maintain adherence to ISO 27x standards Coordinate internal audits, external certification audits, and customer audit programs. Ensure the risk management framework is continuously updated and aligned with evolving threats and regulatory needs. 6. Stakeholder & Cross Department Collaboration Work closely with global teams across: IT, Cloud, Networks, Architecture, Engineering, Project Teams, and Business units. Provide reporting line with clear risk, security, and compliance updates. Liaise with local & Swiss leadership and actively contribute to ensure alignment with strategic objectives. Required Skills & Qualifications Degree in Cybersecurity, Computer Science, or related field. 8 -10 years experience in cybersecurity roles, including at least 3+ years in leadership. Strong experience across both technical cybersecurity and GRC/compliance domains. Required certifications: CISM and/or CISSP. Additional beneficial certifications: PECB ISO 27001 Senior LI/LA, ISO 22301 Senior LI Strong understanding of offensive security, SOC operations, risk management, audit frameworks, and compliance requirements. Excellent communication, stakeholder management, conflict resolution, and decision-making skills. Proven experience managing multi-regional clients in a service-delivery model. Fluent in English and French (written and spoken).