About the Job:
The Cybersecurity Risk Management team is part of the Chief Security Office (CSO) and is responsible for managing multiple teams that facilitate external and internal audits, analyze policy exceptions, conduct risk assessments, and run enforceable governance across processes. They work closely with the AT&T Technology Services (ATS) teams, the Technology Risk Management (TRM) teams, and other CSO teams to ensure effective and efficient GRC processes. Below are the key responsibilities of the Specialist Audit Management (ISO 27001) position:
- Develop and maintain audit plans to ensure all activities supporting the annual internal and external ISO 27001 audits are identified, assigned, and completed in a timely manner. 
- Ensure end to end audit process documentation and process flows of the internal and external audit processes are created, reviewed, updated, and maintained.
- Ensure the audit scope, objectives, and deliverables are documented and managed.
- Create and facilitate an annual internal Control Owner Assertion (COA) process, making sure the COA is completed in a timely manner, at least 6 weeks before the kick-off of the internal audit cycle.
- Ensure the audit kick-off presentations are created to include the audit timeline, communication protocols, and expectations to help facilitate successful audits.
- Ensure the audit kick-off presentations are finalized 2 weeks before the audit kick-off meetings are scheduled to be conducted. 
- Schedule and conduct the audit kickoff meetings. 
- Prior to conducting the external audit kick-off, work with the external auditors to make sure the audit requests are clearly documented, and the audit request templates are completed prior to the audit kick-off meeting.
- Coordinate and schedule interviews and walkthroughs between the external auditors and the internal Data and Control Owners to review processes in scope for the audit. 
- Respond to the external auditor inquiries, clarification requests, and follow-ups throughout the audit process.
- Respond to the internal Data and Control Owners' inquiries, clarification requests, and follow-ups throughout the audit process.
- Coordinate and schedule the onsite and remote fieldwork meetings between the external auditors and internal Data Owners ensuring the external auditors have proper access and support.
- Review preliminary audit findings and reports from the external auditors and work with the appropriate Data and Control Owners to address identified issues.
- Ensure the confidentiality and integrity of sensitive information obtained as a result of preparing for and participating in the audits.
- Track and manage action items resulting from internal and external audit findings, driving timely remediation and validation that all reported items have been addressed in a timely manner.
- Help create and support an environment of continuous improvement.
- Educate staff on audit processes, requirements, and compliance best practices.
- Facilitate training for internal Data Owners to drive process improvements.
- Prepare weekly and monthly status reporting providing details of outstanding audit items and overall status of each audit.
- Schedule and conduct weekly status meetings to review the status of the audit and outstanding items and facilitate working sessions to help address open audit issues.
- Perform research and analysis for various audit topics to gain insights and make recommendations to properly address in scope issues.
- Create postmortem presentations identifying issues encountered during the audit that must be addressed to ensure we are compliant with all applicable requirements. Ensure the appropriate Data and Control Owners have visibility into the postmortem issues and that they provide remediation plans to address all open issues.
 
Experience Level:
5+ years.
Location:
Hyderabad / Bengaluru