hello@lighthousecybertech.com
Lagos, Nigeria LinkedIn
IT Governance · Risk · Compliance

In a world of cyber threats, be the organisation that is ready.

Lighthouse Cybertech helps businesses stay secure, stay compliant, and stay ahead — with expert IT Governance, Risk & Compliance services and the next generation of GRC professionals.

100% audit pass record 6 frameworks delivered at scale Fastest certification: 60 days
We implement and audit the frameworks that matter most
ISO 27001 PCI DSS NDPR / NDPA SOC 2 ISO 22301 ISO 20000 NIST CSF
GRC consultants collaborating in a meeting room
25+
Combined years
of GRC delivery
Why Lighthouse exists

Most organisations know they need to be secure. Very few know how to prove it.

Every year, businesses face growing pressure from three directions at once: regulators demanding compliance with data protection laws and industry standards, customers asking hard questions about how their data is protected, and attackers who do not stop because your policies are still being drafted.

The gap between where organisations are and where they need to be is not a technology gap. It is a governance gap — the absence of the right frameworks, the right processes, and the right people.

That is the gap Lighthouse Cybertech was built to close.
Explore Our Services
What we do

Two business lines. One standard of rigour.

From your first framework to your next generation of GRC talent — we cover the full picture.

GRC Consulting

We help organisations design, implement and certify governance, risk, and compliance programmes that satisfy regulators, impress auditors, and actually reduce risk — not just on paper, but in practice.

Frameworks ISO 27001 · PCI DSS · NDPR · SOC 2 · ISO 22301 · ISO 20000
Learn More →

Compliance Programme Management

Already certified? We help you stay that way. Our ongoing compliance support keeps your programme current, your controls operating, and your team audit-ready — without the annual scramble.

Includes Continuous monitoring · Quarterly reviews · Internal audit cycles
Learn More →

Lighthouse Academy — GRC Training

The industry needs more GRC professionals. We are building them. Structured, practical training for undergraduates and early-career professionals entering the IT GRC space, ready to be effective on the job.

Pathway Foundations · Implementation · Job readiness & launch
Explore the Academy →
Why Lighthouse

Our experience speaks for itself

We do not learn on your time. When there is a deadline, we meet it.

0+
Frameworks delivered at scale across Nigerian financial services & fintech
0
Days — our fastest multi-framework certification across three jurisdictions
0
Successful external framework audits in the last 2 years
0%
External audit pass rate — every client, every time. Zero exceptions.
Our consulting services

Secure. Compliant. Resilient.

Our consulting services cover the full lifecycle of information security governance — from building your first framework to maintaining certification across multiple standards simultaneously.

01

ISO 27001 — Information Security Management

The global standard for managing information security risk. We deliver end-to-end implementation and certification support, from scoping and gap analysis through Stage 1 and Stage 2 external audits.

  • ISMS scoping and risk treatment plan
  • Statement of Applicability & Annex A controls
  • Full policy suite, internal audit & management review
  • External certification audit coordination
Result: certification with zero critical findings at external audit — every time.
02

PCI DSS — Payment Card Industry Compliance

If your business processes, stores, or transmits cardholder data, PCI DSS is not optional. We implement both v3.2.1 and the current v4.0 framework across POS, API gateway and cloud environments.

  • CDE scoping and data flow mapping
  • Gap analysis against all 12 requirements
  • Network segmentation & pentest coordination
  • QSA liaison and ROC / SAQ support
03

NDPR / NDPA — Nigerian Data Protection

The NDPR and the Nigeria Data Protection Act 2023 impose clear obligations on every organisation processing the personal data of Nigerian citizens. Compliance is a legal requirement — and a business trust signal.

  • Personal data inventory & data flow mapping
  • Data Protection Impact Assessments (DPIAs)
  • Privacy policy, consent & data subject rights
  • NDPC filing, audit submission & DPO advisory
04

SOC 2 — Trust Services Compliance

The de facto security assurance standard for technology and SaaS companies. If you have enterprise clients — especially in the US or UK — they will ask for your SOC 2 report.

  • Type 1 & Type 2 readiness programmes
  • Evidence orchestration via GRC automation platforms
  • Dramatically reduced time to compliance
  • Auditor coordination through report issuance
05

ISO 22301 — Business Continuity & Resilience

The question is not whether your business will face disruption, but how quickly and completely it will recover. ISO 22301 makes resilience a measurable, auditable capability.

  • Business Impact Analysis (BIA)
  • Business Continuity & Disaster Recovery plans
  • Crisis management procedures
  • Tabletop simulation exercises
06

Ongoing Compliance Management

Certification is not a one-time event. Controls drift. Regulations change. Our retainer-based service keeps your programme current between audits — so you are always ready, not just on audit day.

  • Continuous control monitoring & KRI/KPI reporting
  • Quarterly risk reviews & treatment plan updates
  • Annual internal audit cycles
  • Regulatory change monitoring & advisory

Not sure where to start? We'll map it out — free.

Most organisations need more than one framework — and implementing them together is faster, cheaper, and more effective than doing them one at a time. Book a free 30-minute discovery call and we will map out exactly where you stand and what you need.

Book a Free Discovery Call
Industries we serve

Built for sectors where compliance is non-negotiable

Fintech & Digital Payments
Banking & Microfinance
Telecoms & Technology
E-commerce & Retail
Healthcare & Data-Sensitive Industries
SaaS & Cloud-Native Companies
Lighthouse Academy · For students & early-career professionals

Where GRC careers are built — before they begin.

Every year, thousands of graduates enter the Nigerian job market with technology degrees and no clear path into cybersecurity. At the same time, every organisation we work with is asking the same question: where do we find experienced GRC professionals?

The problem is not talent. Nigeria has extraordinary talent. The problem is a training gap — the space between what universities teach and what employers actually need on day one. Lighthouse Academy exists to close that gap.

Students learning GRC skills in a collaborative session
Stage 1

GRC Foundations

No prior experience required
  • Information security principles & the GRC function
  • Regulatory environments: NDPR, CBN IT Blueprint, PCI DSS
  • Risk assessment fundamentals
  • How frameworks are structured — ISO 27001 introduction
Stage 2

Framework Implementation

Move from understanding to doing
  • ISO 27001 implementation walkthrough
  • PCI DSS fundamentals for payment environments
  • NDPR/NDPA — data mapping, DPIAs, privacy-by-design
  • BCP & BIA methodology · hands-on GRC tools
Stage 3

Job Readiness & Launch

Your first 90 days, prepared
  • GRC CV & LinkedIn profile for maximum impact
  • Interview prep: cases & frameworks under pressure
  • Certification pathways: CISSP, Lead Implementer, CISM
  • Capstone: simulated ISO 27001 gap analysis

Final-Year Undergraduates

Completing a degree in Computer Science, Engineering, IT, or Business — and you want to enter GRC with real, demonstrable skills, not just a certificate.

Early-Career Professionals

Working in IT, audit, compliance, or risk — and you want to formalise your knowledge, move into a dedicated GRC role, or qualify at more senior levels.

Career Changers

Coming from banking, law, finance, or business — and you want to add the GRC technical layer that opens doors in security and compliance.

Next cohort opening soon

We enrol in cohorts so every student gets direct attention and mentoring. Join the waitlist to be the first to know when enrolment opens, receive early-bird pricing, and get a free pre-course resource pack.

Join the Waitlist
Our certifications & credentials

Founded by practitioners. Measured by outcomes.

More than 25 combined years building GRC functions from scratch — at banks, payment companies, fintechs, and telecommunications firms across Nigeria.

CISSP — (ISC)² ISO 27001 Lead Implementer ISO 22301 Lead Implementer & Lead Auditor ISO 20000 Lead Auditor AWS Certified Cloud Practitioner

Ready to protect your organisation — or build your career in GRC?

Whether you are a business looking to achieve certification, maintain compliance, or close a regulatory gap — or a student looking to build a career — we would like to hear from you.

Contact us

Talk to us.

Whether you have a compliance question, a certification deadline, or you just want to understand where your organisation stands — we are a conversation away.

Send us a message

Fill the form and a consultant will get back to you within one business day.

We respond to every enquiry. Your information is handled in line with the NDPR.

Contact details

Email hello@lighthousecybertech.com
Location Lagos, Nigeria

For Businesses & Organisations

  • Understand your compliance gap
  • Prepare for an upcoming certification audit
  • Ongoing compliance support & proposals

For Academy Enquiries

  • Join the next cohort or get curriculum details
  • Partner with us — universities & employers