Sr Specialist Cybersecurity - Risk Assessment Testing and Enforcement

About the Job:

• The RATE (Risk Assessment Testing and Enforcement) team is part of Chief Security Office (CSO) and responsible for evaluating the products and solutions ATT uses for possible vulnerabilities and other issues (e.g., EOSL) on an ongoing basis and ensure compliance with the ATT policy requirements. The team works closely with the other CSO teams, ATS (ATT Technology Services) stakeholders, Technology Strategies Standards team, to ensure solutions and products are deployed only when they are secure, authorized and appropriately supported thereby adhering to Secure by design principles.

• Executing product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.

• Supporting RATE (Risk Assessment Testing and Enforcement) leadership in reporting on trends identified and responses recommended.

• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage.

• Suggest ways to enhance the review process for better effectiveness and efficiency.

• Experience in IT General Controls (ITGC) and IT Application Controls (ITAC) testing and evaluation (Control Testing: Hands-on Experience)

• Familiarity with cloud security controls and best practices

• Experience and understanding of AI/ML working principles, including control testing and related risks

• Ability to interpret and act on assigned tasks

• Understanding of Third-Party Risk Management (TPRM) and Vendor Risk Management (VRM) processes, products, and services

• Familiarity with GDPR, ISO 27001, SOC 2, and related standards/frameworks and compliance requirements

• Certified Ethical Hacker (CEH) certification or equivalent skills

• Knowledge of vulnerabilities, threat identification, and remediation; ability to understand and analyze penetration test (Pentest) reports

• Working knowledge of PCI-DSS compliance and control requirements

Experience Level: 8+ years.

Location: Hyderabad / Bengaluru

Responsibilities Include:

• Executing third-party product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.

• Partnering with RATE (Risk Assessment Testing and Enforcement) leadership to help them recommend and enforce approved Technology Standards for use across the enterprise.

• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party product usage.

• Suggest ways to enhance the review process for better effectiveness and efficiency.

Required Skills:

• 8 years minimum experience in third-party risk management or risk consulting out of which, at least 6 years in assessing / testing of third-party applications security.

• Good understanding of various third-party risk management frameworks and standards.

• Good exposure to regulatory requirements in other industries.

• Awareness of known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc.

• Proven project management skills

Desirable Skills:

• Bachelors or masters degree in computer science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security.

• Prior experience with Telecom sector.

• ISACA, ISC2 or other relevant certifications.