About the Job:
The Control Testing Reporting (CTR) team is part of Chief Security Office (CSO) and responsible for testing information technology, information security, and application controls owned and operated by ATT Technology Services (ATS) (which includes CSO). This role holder joins the CTR team as an expert individual contributor. This person,
- Is responsible for end-to-end execution of deep dive reviews focused on critical infrastructure applications or transformation projects of ATT.
- Leads analysis of complex information technology, security, and business issues and provides clear articulation of risk to ATT s critical assets (devices, networks, applications data), and customers.
- Leads and drives strategic technology risk management program related activities with a focus on innovation and automation.
- Understands and stays up to date with telecom industry trends in technology risk management. Brings expert knowledge in various tools, processes and telecom industry best practices used in technology risk management to ATT and supports the Technology Risk Management Framework (TRMF) build out.
Experience Level: 12+ years.
Location: Hyderabad / Bengaluru
Responsibilities include:
- Collaborating with ATS and business leadership to gather review requirements and understand engagement objectives.
- Conducting comprehensive technology risk reviews such as Targeted, pre-implementation, post-remediation, and strategic project reviews basis the engagement needs.
- Contributing to the design and enhancement of the Risk and Controls Matrix, supporting robust risk identification and mitigation.
- Assessing IT General Controls (ITGCs), IT Application Controls (ITACs), business process controls, and system interfaces for design adequacy and operating effectiveness.
- Identifying technology risks and control gaps, providing practical recommendations for remediation and improvement, including those related to telecom network resilience, lawful intercept, and critical service continuity.
- Defining and executing test procedures to evaluate the design and operational effectiveness of controls.
- Reviewing remediation efforts and validate the implementation of recommended actions.
- Preparing clear and concise reports summarizing findings, risk implications, and proposed solutions.
- Supporting risk assessments for strategic initiatives, including network / technology transformations large-scale OSS/BSS upgrades, and telecom MA activity.
- Staying current with emerging technology risks, regulatory requirements, and industry best practices.
Required skills:
- Minimum 12 (Senior) / 15 (Lead) years of experience in technology risk management or consulting, including at least 10 years in the design or testing of controls for critical IT infrastructure and applications, preferably with a focus on telecom network and application security.
- Demonstrated experience in IT audits and cyber security assessments including telecom-specific compliance frameworks.
- Comprehensive understanding of risk management frameworks (COBIT, NIST, ISO 27001, etc.), with a track record of applying and integrating these frameworks to meet telecom-specific regulations like FCC, CPNI, and PCI DSS.
- Working knowledge of regulatory and compliance requirements (SOX, PCI DSS, CCPA etc.).
- Proficiency in ITGC and ITAC, including user access, change management, data integrity, and system interfaces.
- Demonstrated expertise in implementing and/or evaluating business process controls and/or conducting risk assessments in telecom-specific IT environments such as billing, plan management, customer acquisition, provisioning, mediation, network management platforms.
- Proven experience supporting risk assessments for strategic initiatives, including network or technology transformations, large-scale upgrades, and mergers acquisitions (MA) within the telecommunications sector.
- Familiarity with system implementation, integration, and post-remediation review practices.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
- Detail-oriented with strong organizational and project management skills.
Desirable skills:
- Bachelors degree in computer science, Mathematics, Information Systems, Engineering or Cyber Security.
- Prior experience with Telecom sector
- ISACA, ISC2 or other relevant certifications.
- The candidate should be comfortable driving people change and have a track record of successfully navigating organizational changes.
- Demonstrated expertise in creating organization level control testing programs, working effectively with a broad group of stakeholders.
- Flexible and creative thinker with strong execution skills, generates out-of-the-box solutions, manages ambiguity, anticipates the impact of decisions/initiatives and able to move seamlessly from high level concepts to details.
