Specialist Cybersecurity -Risk Management, ISO, SOC, PCI

Job Description:

About the Job:

The Cybersecurity Risk Management team is part of Chief Security Office (CSO) and responsible for managing multiple teams that facilitate external audits, internal audits, analyze policy exceptions, conduct risk assessments, and run enforceable governance across processes. They work closely with the AT&T Technology Services (ATS) teams and Technology Risk Management (TRM) teams and other CSO teams to ensure the effective and efficient GRC processes. Below are the key responsibilities of the Specialist – Risk Management position:

• Develop and maintain a Risk Assessment schedule to ensure all activities supporting the annual Risk Assessment process are identified, assigned, and completed in a timely manner to be compliant with ISO 27001, SOC, and PCI risk requirements.
• Ensure end to end risk assessment process documentation and process flows of the Risk assessment and Risk reporting processes are created, reviewed, updated, and maintained.
• Ensure the Risk Assessment scope, objectives, and deliverables are documented and managed.
• Schedule and facilitate the annual Risk Assessment process, making sure the Risk Assessment is completed in a timely manner.
• Create and publish the monthly Risk Management report.
• Ensure the annual Risk Assessment presentation is created to include the timeline, communication protocols, and expectations to help facilitate the process.
• Ensure the kick-off presentation is finalized 2 weeks before the annual Risk Assessment kick-off meeting is scheduled to be conducted.
• Schedule and conduct the annual Risk Assessment kickoff meeting.
• Respond to the external auditor’s risk related inquiries, clarification requests, and follow-ups.
• Ensure the confidentiality and integrity of sensitive information obtained as a result of facilitating the risk assessment process.
• Track and manage Risk Management related action items resulting from external audit findings, driving timely remediation and validating all reported items have been addressed in a timely manner.
• Help create and support an environment of continuous improvement.
• Educate staff on Risk Management processes, requirements, and compliance best practices.
• Facilitate training for internal Data Owners to drive process improvements.
• Create and publish monthly Vulnerability Management, ISO and SOC Audit reporting.
• Create and publish monthly ISO and SOC Audit Management reporting.
• Assist the Audit Management team with responsibilities as needed.

Experience Level: 5+ years.

Location: Hyderabad / Bengaluru

Required skills:

• 3 years minimum experience in conducting IT audits, Risk assessments, information security compliance, or IT security operations.
• A minimum of 2 years’ experience leading ISO 27001, SOC, or PCI audits preferred.

• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Advanced risk management, project management, time management, Microsoft PowerPoint, Excel, Outlook, and Word skills.

Desirable skills:

• Prior experience with Telecom sector.
• Relevant certifications such as ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CRISC, or CISA

Additional information (if any): Need to be flexible to provide coverage in US morning

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.