Lead – Control Testing (Compliance Testing)

Job Description:

About the Company:

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you will not just imagine the future-you will create it.

About the Job:

The Control Assurance (CA) team is part of Chief Security Office (CSO) and responsible for testing information technology, information security, and application controls owned and operated by AT&T Technology Services (ATS) (which includes CSO). This person,

Is responsible for leading SOX Management testing for in-scope AT&T’s IT general controls.

Will independently test IT General Controls (ITGCs), Cloud security, Critical application security, and other information technology and information security controls necessary for regulatory compliance (e.g., SOX).

Will work and collaborate with our control owners, control operators and technology leadership to identify gaps in design and operating effectiveness of AT&T’s controls.

Understands and stays up to date with telecom industry trends in technology risk management. Brings expert knowledge in various tools, processes and telecom industry best practices used in technology risk management to AT&T and supports the Technology Risk Management Framework (TRMF) build out.

Experience Level: 12+ years.

Location: Hyderabad / Bengaluru

Responsibilities include:

Working with Control Assurance team leadership to understand the need for control testing, and support them with prioritizing & planning, annual test plan preparation activities.

Defining and executing test procedures to evaluate the design and operational effectiveness of controls.

Executing complex engagements assigned from the annual testing plan or other discrete engagements (test script preparation, walkthroughs, issue identification, obtaining stakeholder agreement, documentation and reporting them to senior ATS stakeholders) within the expected timelines and quality parameters, while working closely with external auditors, and other internal stakeholders where necessary, for better efficiency.

Providing analysis of complex information technology and security issues and provides clear articulation of risk to AT&T assets (devices, networks, applications & data), and customers. Also, supporting periodic articulation of risk to ATS’s objectives using the test results and open issues by the Reporting team.

Mentoring and supporting junior team members with advice and training.

Preparing clear and concise reports summarizing test results, findings, risk implications, and proposed solutions.

Staying current with emerging technology risks, regulatory requirements, and industry best practices.

Required skills:

Minimum 12 years’ experience in Technology Risk Management or Consulting or Assurance with at least 10 of those years in design or testing of controls in the areas of information technology and information security (SOX / ITGC / Critical application security / Cloud security)

Strong understanding of regulatory requirements like SOX, PCIDSS etc.

Strong documentation and effective articulation skills.

Excellent analytical and problem-solving skills.

Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.

Detail-oriented with strong organizational and project management skills.

Desirable skills:

• Bachelor's degree in computer science, Mathematics, Information Systems, Engineering or Cyber Security.
• Prior experience with Telecom sector
• ISACA, ISC2 or other relevant certifications.
• The candidate should be comfortable driving people change and have a track record of successfully navigating organizational changes.
• Demonstrated expertise in creating organization level control testing programs, working effectively with a broad group of stakeholders.
• Flexible and creative thinker with strong execution skills, generates out-of-the-box solutions, manages ambiguity, anticipates the impact of decisions/initiatives and able to move seamlessly from high level concepts to details.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.