Job Description

:

Role: Senior / Lead - Control Testing (Deep Dive Reviews)

-------------------------------------------------------------

About the Company:

----------------------

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you will not just imagine the future-you will create it.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

About the Job:

------------------

The Control Testing & Reporting (CTR) team is part of Chief Security Office (CSO) and responsible for testing information technology, information security, and application controls owned and operated by AT&T Technology Services (ATS) (which includes CSO). This role holder joins the CTR team as an expert individual contributor. This person,

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Is responsible for end-to-end execution of deep dive reviews focused on critical infrastructure & applications or transformation projects of AT&T.

----------------------------------------------------------------------------------------------------------------------------------------------------------

Leads analysis of complex information technology, security, and business issues and provides clear articulation of risk to AT&T's critical assets (devices, networks, applications & data), and customers.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Leads and drives strategic technology risk management program related activities with a focus on innovation and automation.

-------------------------------------------------------------------------------------------------------------------------------

Understands and stays up to date with telecom industry trends in technology risk management. Brings expert knowledge in various tools, processes and telecom industry best practices used in technology risk management to AT&T and supports the Technology Risk Management Framework (TRMF) build out.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Experience Level:

12+ years.

-------------------------------------

Location:

Hyderabad / Bengaluru

---------------------------------------

Responsibilities include:

-----------------------------

Collaborating with ATS and business leadership to gather review requirements and understand engagement objectives.

----------------------------------------------------------------------------------------------------------------------

Conducting comprehensive technology risk reviews such as Targeted, pre-implementation, post-remediation, and strategic project reviews basis the engagement needs.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Contributing to the design and enhancement of the Risk and Controls Matrix, supporting robust risk identification and mitigation.

-------------------------------------------------------------------------------------------------------------------------------------

Assessing IT General Controls (ITGCs), IT Application Controls (ITACs), business process controls, and system interfaces for design adequacy and operating effectiveness.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Identifying technology risks and control gaps, providing practical recommendations for remediation and improvement, including those related to telecom network resilience, lawful intercept, and critical service continuity.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Defining and executing test procedures to evaluate the design and operational effectiveness of controls.

------------------------------------------------------------------------------------------------------------

Reviewing remediation efforts and validate the implementation of recommended actions.

-----------------------------------------------------------------------------------------

Preparing clear and concise reports summarizing findings, risk implications, and proposed solutions.

--------------------------------------------------------------------------------------------------------

Supporting risk assessments for strategic initiatives, including network / technology transformations large-scale OSS/BSS upgrades, and telecom M&A activity.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Staying current with emerging technology risks, regulatory requirements, and industry best practices.

---------------------------------------------------------------------------------------------------------

Required skills:

--------------------

Minimum 12 (Senior) / 15 (Lead) years of experience in technology risk management or consulting, including at least 10 years in the design or testing of controls for critical IT infrastructure and applications, preferably with a focus on telecom network and application security.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Demonstrated experience in IT audits and cyber security assessments including telecom-specific compliance frameworks.

--------------------------------------------------------------------------------------------------------------------------

Comprehensive understanding of risk management frameworks (COBIT, NIST, ISO 27001, etc.), with a track record of applying and integrating these frameworks to meet telecom-specific regulations like FCC, CPNI, and PCI DSS.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Working knowledge of regulatory and compliance requirements (SOX, PCI DSS, CCPA etc.).

------------------------------------------------------------------------------------------

Proficiency in ITGC and ITAC, including user access, change management, data integrity, and system interfaces.

------------------------------------------------------------------------------------------------------------------

Demonstrated expertise in implementing and/or evaluating business process controls and/or conducting risk assessments in telecom-specific IT environments such as billing, plan management, customer acquisition, provisioning, mediation, network management platforms.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Proven experience supporting risk assessments for strategic initiatives, including network or technology transformations, large-scale upgrades, and mergers & acquisitions (M&A) within the telecommunications sector.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Familiarity with system implementation, integration, and post-remediation review practices.

------------------------------------------------------------------------------------------------

Excellent analytical and problem-solving skills.

-----------------------------------------------------

Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.

-------------------------------------------------------------------------------------------------------------------------------------------------------

Detail-oriented with strong organizational and project management skills.

------------------------------------------------------------------------------

Desirable skills:

---------------------

Bachelor's degree in computer science, Mathematics, Information Systems, Engineering or Cyber Security.

-----------------------------------------------------------------------------------------------------------

Prior experience with Telecom sector

----------------------------------------

ISACA, ISC2 or other relevant certifications.

-------------------------------------------------

The candidate should be comfortable driving people change and have a track record of successfully navigating organizational changes.

----------------------------------------------------------------------------------------------------------------------------------------

Demonstrated expertise in creating organization level control testing programs, working effectively with a broad group of stakeholders.

-------------------------------------------------------------------------------------------------------------------------------------------

Flexible and creative thinker with strong execution skills, generates out-of-the-box solutions, manages ambiguity, anticipates the impact of decisions/initiatives and able to move seamlessly from high level concepts to details.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional information (if any):

Need to be flexible to provide coverage in US morning hours.

-----------------------------------------------------------------------------------------------------

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City
It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.