Specialist Cybersecurity -Risk Management, ISO, SOC, PCI

Job Description : About the Job :

The Cybersecurity Risk Management team is part of Chief Security Office (CSO) and responsible for managing multiple teams that facilitate external audits, internal audits, analyze policy exceptions, conduct risk assessments, and run enforceable governance across processes. They work closely with the AT&T Technology Services (ATS) teams and Technology Risk Management (TRM) teams and other CSO teams to ensure the effective and efficient GRC processes. Below are the key responsibilities of the Specialist – Risk Management position :

• Develop and maintain a Risk Assessment schedule to ensure all activities supporting the annual Risk Assessment process are identified, assigned, and completed in a timely manner to be compliant with ISO 27001, SOC, and PCI risk requirements.
• Ensure end to end risk assessment process documentation and process flows of the Risk assessment and Risk reporting processes are created, reviewed, updated, and maintained.
• Ensure the Risk Assessment scope, objectives, and deliverables are documented and managed.
• Schedule and facilitate the annual Risk Assessment process, making sure the Risk Assessment is completed in a timely manner.
• Create and publish the monthly Risk Management report.
• Ensure the annual Risk Assessment presentation is created to include the timeline, communication protocols, and expectations to help facilitate the process.
• Ensure the kick-off presentation is finalized 2 weeks before the annual Risk Assessment kick-off meeting is scheduled to be conducted.
• Schedule and conduct the annual Risk Assessment kickoff meeting.
• Respond to the external auditor's risk related inquiries, clarification requests, and follow-ups.
• Ensure the confidentiality and integrity of sensitive information obtained as a result of facilitating the risk assessment process.
• Track and manage Risk Management related action items resulting from external audit findings, driving timely remediation and validating all reported items have been addressed in a timely manner.
• Help create and support an environment of continuous improvement.
• Educate staff on Risk Management processes, requirements, and compliance best practices.
• Facilitate training for internal Data Owners to drive process improvements.
• Create and publish monthly Vulnerability Management, ISO and SOC Audit reporting.
• Create and publish monthly ISO and SOC Audit Management reporting.
• Assist the Audit Management team with responsibilities as needed.

Experience Level : 5+ years.

Location : Hyderabad / Bengaluru

Required skills :

Desirable skills :

Additional information (if any) : Need to be flexible to provide coverage in US morning

Weekly Hours : 40

Time Type : Regular

Location : Hyderabad, India

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and / or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.

Skills Required

it security operations , Project Management, Soc, Iso 27001, nist, Microsoft Powerpoint, Risk Management