• Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

About the Job:

• The RATE (Risk Assessment Testing and Enforcement) team is part of Chief Security Office (CSO) and responsible for evaluating the products and solutions AT&T uses for possible vulnerabilities and other issues (e.g., EOSL) on an ongoing basis and ensure compliance with the AT&T policy requirements. The team works closely with the other CSO teams, ATS (AT&T Technology Services) stakeholders, Technology Strategies & Standards team, to ensure solutions and products are deployed only when they are secure, authorized and appropriately supported thereby adhering to Secure by design principles. 

• Executing product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.

• Supporting RATE (Risk Assessment Testing and Enforcement) leadership in reporting on trends identified and responses recommended.

• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage.

• Suggest ways to enhance the review process for better effectiveness and efficiency. 

• Experience in IT General Controls (ITGC) and IT Application Controls (ITAC) testing and evaluation (Control Testing: Hands-on Experience)

• Familiarity with cloud security controls and best practices

• Experience and understanding of AI/ML working principles, including control testing and related risks

• Ability to interpret and act on assigned tasks

• Understanding of Third-Party Risk Management (TPRM) and Vendor Risk Management (VRM) processes, products, and services

• Familiarity with GDPR, ISO 27001, SOC 2, and related standards/frameworks and compliance requirements

• Certified Ethical Hacker (CEH) certification or equivalent skills

• Knowledge of vulnerabilities, threat identification, and remediation; ability to understand and analyze penetration test (Pentest) reports

• Working knowledge of PCI-DSS compliance and control requirements

Experience Level: 3+ years.

Location: Hyderabad / Bengaluru

Responsibilities Include:

• Executing third-party product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.

• Partnering with RATE (Risk Assessment Testing and Enforcement) leadership to help them recommend and enforce approved Technology Standards for use across the enterprise.

• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party product usage.

• Suggest ways to enhance the review process for better effectiveness and efficiency.

Required Skills:

• 3 years minimum experience in third-party risk management or risk consulting out of which, at least 3 years in assessing / testing of third-party applications security.

• Good understanding of various third-party risk management frameworks and standards.

• Good exposure to regulatory requirements in other industries.

• Awareness of known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc.

• Proven project management skills

Desirable Skills:

• Bachelor's or master's degree in computer science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security.

• Prior experience with Telecom sector.

• ISACA, ISC2 or other relevant certifications.

Additional Information: Need to be flexible to provide coverage in US morning hours.

#CyberSecurity