GTPL Hathway Ltd. | ISP Security Audit Nodal Officer | Ahmedabad
Job Description
Position Title: ISP Security Audit Nodal Officer
Location: Ahmedabad
Position Overview:
The ISP (Internet Service Provider) Security Audit Nodal Officer is responsible for managing and overseeing the security audit functions within the organization. This position involves ensuring that the ISP’s network infrastructure, data, and systems are secure and compliant with relevant cybersecurity standards, regulations, and industry best practices. The Nodal Officer will coordinate security audits, assess risks, identify vulnerabilities, and ensure the implementation of corrective actions to mitigate threats and safeguard the ISP’s services.
Key Responsibilities:
- Security Audit Coordination:
  - Lead, plan, and manage security audits for the ISP’s networks, infrastructure, applications, and information systems.
  - Coordinate with internal teams and external auditors to ensure audit processes are executed according to security policies, standards, and regulatory requirements.
  - Serve as the primary point of contact for all security audit-related matters, both internally and externally.
- Audit Planning and Implementation:
  - Develop comprehensive security audit strategies and schedules, ensuring they align with business goals and compliance requirements.
  - Ensure that security audits address all critical components, including data privacy, network security, and regulatory compliance.
  - Oversee the preparation and implementation of audit plans, ensuring timely and thorough completion of all tasks.
- Compliance and Risk Management:
  - Ensure ISP security practices and audit processes comply with national and international regulations, such as ISO 27001, NIST, GDPR, and other relevant cybersecurity standards.
  - Monitor adherence to security policies and regulations, and ensure necessary steps are taken to address non-compliance or gaps.
  - Identify security risks and vulnerabilities in ISP infrastructure and services, and recommend appropriate mitigations.
- Documentation and Reporting:
  - Create and maintain detailed audit reports, highlighting findings, vulnerabilities, and areas of improvement.
  - Prepare executive summaries of audit results and present findings to senior management, providing clear recommendations and action plans.
  - Track audit findings and ensure that corrective actions are implemented promptly, with continuous monitoring of progress.
- Security Awareness and Training:
  - Develop and deliver training programs to raise awareness about security risks and best practices across the ISP organization.
  - Educate staff on the importance of adhering to security policies and help build a culture of proactive security within the company.
- Incident Response and Remediation:
  - Actively participate in the response to and investigation of security incidents or breaches, providing support in identifying root causes and recommending corrective measures.
  - Collaborate with incident response teams to ensure effective mitigation and recovery from security events.
  - Ensure security controls are updated based on audit findings to prevent similar incidents in the future.
- Liaison with Regulatory Authorities:
  - Maintain relationships with regulatory bodies and third-party auditors to ensure compliance with legal and industry requirements.
  - Stay up to date with changes in relevant cybersecurity regulations and ensure that the ISP’s policies and audits align with the latest standards.
- Continuous Improvement:
  - Regularly review and improve audit methodologies and tools to enhance the effectiveness of the security audit process.
  - Stay current with the latest cybersecurity trends, threats, and best practices, integrating new approaches into ISP security auditing processes.
  - Ensure ongoing improvements in the ISP’s cybersecurity posture, leveraging insights from audits and industry developments.
- Vendor and Third-Party Security Management:
  - Evaluate third-party vendors’ security practices through audits to ensure they meet the required security standards and compliance criteria.
  - Oversee security assessments of outsourcing contracts and third-party service providers involved in ISP operations.
Required Skills and Qualifications:
- Educational Background:
  - Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
  - Professional certifications in cybersecurity (e.g., CISA, CISSP, CISM, ISO 27001 Lead Auditor) are highly desirable.
- Experience:
  - At least 5 years of experience in information security auditing, risk management, or cybersecurity, preferably within the telecommunications or ISP industry.
  - Hands-on experience with security auditing tools and methodologies, vulnerability assessments, and risk management practices.
  - Experience working with regulatory bodies, compliance audits, and implementing industry security standards.
- Skills:
  - Strong knowledge of security frameworks such as ISO 27001, NIST, GDPR, and others relevant to the ISP industry.
  - Experience in evaluating and managing risks, identifying vulnerabilities, and recommending mitigation strategies.
Connect with my team on 9081156881