Role: Senior Associate – Third Party Risk Management (TPRM)
About the Company:
Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.
About the Job:
The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:
Conduct Cybersecurity Assessments:
Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices.
Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.
Risk Analysis and Reporting:
Analyze assessment results to determine the level of risk associated with each third-party relationship.
Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.
Vendor Onboarding and Monitoring:
Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR).
Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.
Collaboration and Communication:
Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management.
Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.
Policy and Procedure Development:
Contribute to the development and enhancement of TPRM policies, procedures, and guidelines.
Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.
Training and Awareness:
Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.
Experience Level: 3+ years.
Location: Hyderabad / Bengaluru
Required skills:
3 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
Demonstrated experience in third-party risk management and vendor security assessments.
Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
Good understanding of various third-party risk management frameworks and standards.
Proficiency in using security assessment tools and methodologies.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
Detail-oriented with strong organizational and project management skills.
Desirable skills:
Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
Prior experience with Telecom sector.
Relevant certifications such as CISSP, CISM, CRISC, or CISA
Additional information (if any): Need to be flexible to provide coverage in US morning hours.
It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.
This one's for the grads and early careerists: Our leading internship and development program recruiters weigh in on how to prepare for and handle your interview.
Learn more
September 19, 2024ArticleCareer AdviceRelated Content
Go behind the scenes of our Fiber Sales team. An executive walks us through career growth, commission structure, and why a career with AT&T is more than just a job.
T&T’s India Development Centers (IDC) plays a pivotal role in AT&T’s connectivity strategy, and no one is better suited to speak to that importance more than Santosh Bijur, Vice President of the India Development Center
In our India Development Center (IDC), we’re building a talented technology team. By offering essential resources and the chance to work alongside industry leaders, our goal is to support the next generation of innovators in India.
Looking forward to staying in touch with you. We’ve always got a ton of awesome things going on and by connecting to our Talent Network, you will receive updates on #LifeAtATT, events, and opportunities.
Learn more
February 26, 2025
Benefits
Your needs? Met. Your wants? Considered. Take a look at our comprehensive benefits.
