Senior Information Security Officer for a Broadband co. based at Mumbai

Job Description:

Job Summary:

The Chief Information Security Officer (CISO) for the Internet Service Provider (ISP) industry is a senior executive responsible for safeguarding the organization's infrastructure, customer data, and networks against cyber threats. This role ensures the secure delivery of ISP services, compliance with telecom and cybersecurity regulations, and resilience against evolving threats to both internal systems and customer-facing services. The CISO collaborates with internal teams, external stakeholders, and government agencies to maintain trust, availability, and confidentiality.

Key Responsibilities:

1. Security Strategy and Leadership

• Design and execute a comprehensive information security strategy specific to ISP operations and services.
• Align security policies and procedures with organizational goals and industry regulations.
• Serve as the primary advisor to the leadership team on all security-related matters, including threats targeting ISP networks and infrastructure.

2. Network and Infrastructure Security

• Oversee the security of core ISP infrastructure, including routers, switches, DNS servers, and data centers.
• Implement robust measures to protect against Distributed Denial of Service (DDoS) attacks, malware propagation, and unauthorized access.
• Monitor and safeguard customer-facing systems, such as billing platforms and subscriber management systems.

3. Risk Management and Incident Response

• Conduct regular risk assessments and threat analyses specific to the ISP environment, including customer data security risks.
• Lead the response to cybersecurity incidents, including attacks on ISP infrastructure or customer networks.
• Develop and test business continuity and disaster recovery plans to ensure uninterrupted service delivery.

4. Governance and Compliance

• Ensure compliance with telecom and data protection regulations
• Maintain adherence to cybersecurity standards, such as ISO 27001, NIST, or industry-specific frameworks.
• Liaise with regulators, law enforcement, and government agencies to address security and compliance requirements.

5. Operational Security

• Oversee the deployment and management of security tools, including firewalls, Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), and anti-DDoS solutions.
• Managing Security Operation Centre (SOC)
• Ensure secure software development and deployment processes for ISP applications and systems.
• Monitor ISP traffic for anomalies and suspicious activity, ensuring proactive detection and mitigation of threats.

6. Customer Data Privacy and Security

• Safeguard customer data by implementing strong encryption, secure storage, and access controls.
• Build trust by ensuring transparency in handling customer data and managing breaches responsibly.

7. Team Leadership and Training

• Build and lead a skilled cybersecurity team focused on ISP-specific security challenges.
• Provide training and resources for employees to enhance security awareness.
• Foster a culture of security-conscious decision-making across technical and non-technical teams.

8. Emerging Threats and Innovation

• Stay ahead of industry-specific threats, such as state-sponsored cyberattacks, telecom fraud, and emerging malware targeting ISPs.
• Evaluate and adopt innovative security solutions to protect against evolving attack vectors.
• Collaborate with global peers and organizations to share intelligence and best practices for securing ISP networks.

Desired Profile / Criteria / Skills :

Qualifications:

Education and Experience

• Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s preferred).
• 10+ years of experience in cybersecurity, with at least 5 years in a leadership role within a telecom, ISP, or network-intensive industry.

Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Ethical Hacker (CEH)
• Cisco Certified CyberOps Professional or equivalent network security certifications

Skills and Competencies

• Deep understanding of ISP network architecture, protocols (BGP, MPLS, DNS), and vulnerabilities.
• Expertise in DDoS mitigation, network monitoring, and threat intelligence platforms.
• Familiarity with telecom regulations and data protection laws.
• Strong leadership, communication, and stakeholder management skills.

Key Performance Indicators (KPIs):

• Reduction in the frequency and impact of cyberattacks (e.g., DDoS, ransomware).
• Uptime and availability of critical ISP services.
• Compliance with telecom and cybersecurity regulations.
• Customer trust metrics, such as reduced complaints related to data breaches or service security.