Senior Cybersecurity - Policy Exception Management

Job Description:

Role: Senior Cyber Security  – Policy Exception Management

About the Company:

At AT&T, we’re connecting the world through the latest tech, top-of-the-line communications and the best in entertainment. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication and entertainment experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you’ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel, we are transforming all channels to digitally perform as one team to create better customer experience.

About the Job:

The CSO (Chief Security Office) Policy Compliance Management (PCM) team is responsible for managing the submission of Exception Requests and assessing their associated cybersecurity risks. This team oversees the exception requests submission process to ensure that non-compliance with AT&T Security Policy and Standards is appropriately documented and reviewed in addition to assisting with Business Unit’s documentation of the risk, including its assessment and mitigation—and coordinates the approval of the risk response strategy by both the Chief Security Office (CSO) and the Business Unit. Key responsibilities of the role include:

• Prepare, review, and validate exception requests to cybersecurity policies, ensuring complete and accurate information is submitted.
• Maintain comprehensive and accurate records of all policy exceptions, justifications, risk assessments, approvals, and mitigation actions.
• Facilitate the exception management workflow, ensuring alignment with established governance, risk thresholds, and escalation procedures for high-risk exceptions.
• Continuously monitor active exceptions for compliance with mitigation measures and ensure timely follow-up and closure.
• Support the exception extension requests as appropriate.
• Generate regular reports and dashboards on exception status, risk exposure, and mitigation progress for cybersecurity leadership and audit purposes.
• Identify trends and recurring exception types, providing feedback to cybersecurity policy owners to inform policy updates and strengthen controls.
• Provide documentation and evidence for internal and external audits related to cybersecurity policy exceptions.
• Support awareness initiatives and training on the cybersecurity policy exception process and the importance of policy adherence.

Relevant Experience: 8 years

Location: Hyderabad / Bengaluru

Required skills:

• 8 years of minimum experience in cybersecurity policy exception management process.
• Experience using ServiceNow for policy exceptions is a must.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Excellent project management, documentation, organizational, and communication skills
• Ability to manage multiple priorities and interact with technical and non-technical stakeholders.

Desirable skills:

• Prior experience with Telecom sector.

• (Preferred) CISSP, CISM, CRISC, CISA, or similar cybersecurity/risk management certifications.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.