Job Description:

About the Job:

The Cybersecurity Risk Management team is part of Chief Security Office (CSO) and responsible for managing multiple teams that facilitate external audits, internal audits, analyze policy exceptions, conduct risk assessments, and run enforceable governance across processes. They work closely with the AT&T Technology Services (ATS) teams and Technology Risk Management (TRM) teams and other CSO teams to ensure the effective and efficient GRC processes. Below are the key responsibilities of the Specialist – Audit Management (ISO 27001) position:

• Develop and maintain audit plans to ensure all activities supporting the annual internal and external ISO 27001 audits are identified, assigned, and completed in a timely manner. 
• Ensure end to end audit process documentation and process flows of the internal and external audit processes are created, reviewed, updated, and maintained.
• Ensure the audit scope, objectives, and deliverables are documented and managed.
• Create and facilitate and annual internal Control Owner Assertion (COA) process making sure the COA is completed in a timely manner, at least 6 weeks before the kick-off of the internal audit cycle.
• Ensure the audit kick-off presentations are created to include the audit timeline, communication protocols, and expectations to help facilitate successful audits.
• Ensure the audit kick-off presentations are finalized 2 weeks before the audit kick-off meetings are scheduled to be conducted. 
• Schedule and conduct the audit kickoff meetings. 
• Prior to conducting the external audit kick-off, work with the external auditors to make sure the audit requests are clearly documented, and the audit request templates are completed prior to the audit kick-off meeting.
• Coordinate and schedule interviews and walkthroughs between the external auditors and the internal Data and Control Owners to review processes in scope for the audit. 
• Respond to the external auditor inquiries, clarification requests, and follow-ups throughout the audit process.
• Respond to the internal Data and Control Owners inquiries, clarification requests, and follow-ups throughout the audit process.
• Coordinate and schedule the onsite and remote fieldwork meetings between the external auditors and internal Data Owners ensuring the external auditors have proper access and support.
• Review preliminary audit findings and reports from the external auditors and work with the appropriate Data and Control Owners to address identified issues.
• Ensure the confidentiality and integrity of sensitive information obtained as a result of preparing for and participating in the audits.
• Track and manage action items resulting from internal and external audit findings, driving timely remediation and validation that all reported items have been addressed in a timely manner.
• Help create and support an environment of continuous improvement.
• Educate staff on audit processes, requirements, and compliance best practices.
• Facilitate training for internal Data Owners to drive process improvements.
• Prepare weekly and monthly status reporting providing details of outstanding audit items and overall status of each audit.
• Schedule and conduct weekly status meetings to review the status of the audit and outstanding items and facilitate working sessions to help address open audit issues.
• Perform research and analysis for various audit topics to gain insights and make recommendations to properly address in scope issues.
• Create postmortem presentations identifying issues encountered during the audit that must be addressed to ensure we are compliant with all applicable requirements.  Ensure the appropriate Data and Control Owners have visibility to the postmortem issues and they provide remediation plans to address all open issues.

Experience Level: 5+ years.

Location: Hyderabad / Bengaluru

Required skills:

• 3 years minimum experience in conducting IT audits, Risk assessments, information security compliance, or IT security operations.
• A minimum of 2 years’ experience leading ISO 27001, SOC, or PCI audits preferred.

• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Excellent project management, organizational, and communication skills.

Desirable skills:

• Prior experience with Telecom sector.
• Relevant certifications such as ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CRISC, or CISA

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.

Job ID R-83391 Date posted 09/23/2025