Senior Cybersecurity - Policy Exception Management

About the Job:

The CSO (Chief Security Office) Policy Compliance Management (PCM) team is responsible for managing the submission of Exception Requests and assessing their associated cybersecurity risks. This team oversees the exception requests submission process to ensure that non-compliance with AT&T Security Policy and Standards is appropriately documented and reviewed in addition to assisting with Business Unit s documentation of the risk, including its assessment and mitigation and coordinates the approval of the risk response strategy by both the Chief Security Office (CSO) and the Business Unit. Key responsibilities of the role include:

• Prepare, review, and validate exception requests to cybersecurity policies, ensuring complete and accurate information is submitted.
• Maintain comprehensive and accurate records of all policy exceptions, justifications, risk assessments, approvals, and mitigation actions.
• Facilitate the exception management workflow, ensuring alignment with established governance, risk thresholds, and escalation procedures for high-risk exceptions.
• Continuously monitor active exceptions for compliance with mitigation measures and ensure timely follow-up and closure.
• Support the exception extension requests as appropriate.
• Generate regular reports and dashboards on exception status, risk exposure, and mitigation progress for cybersecurity leadership and audit purposes.
• Identify trends and recurring exception types, providing feedback to cybersecurity policy owners to inform policy updates and strengthen controls.
• Provide documentation and evidence for internal and external audits related to cybersecurity policy exceptions.
• Support awareness initiatives and training on the cybersecurity policy exception process and the importance of policy adherence.

Relevant Experience: 8 years

Location: Hyderabad / Bengaluru

Required skills:

• 8 years of minimum experience in cybersecurity policy exception management process.
• Experience using ServiceNow for policy exceptions is a must.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Excellent project management, documentation, organizational, and communication skills
• Ability to manage multiple priorities and interact with technical and non-technical stakeholders.

Desirable skills:

• Prior experience with Telecom sector.

• (Preferred) CISSP, CISM, CRISC, CISA, or similar cybersecurity/risk management certifications.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.