Job Description:

Role: Associate Director – Third Party Product Security Testing & Certification (TPPST&C)

About the Company:

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

About the Job:

The Third-Party Product Security Testing & Certification (TPPST&C) team is part of Chief Security Office (CSO) and responsible for vetting the third-party products AT&T uses for possible vulnerabilities and other issues (e.g., EOSL) on an ongoing basis. They work closely with the Technology Strategies & Standards team, which is part of AT&T Technology Services (ATS) to ensure third-party products are deployed only when they are secure, authorized and appropriately supported. This person,

• Responsible for enhancing the existing product security testing & certification process to make it efficient and effective in identifying risks to the company, recording them, appropriately escalating, and following-up to ensure agreed upon risk treatment (reduction / avoidance / transfer) is completed.
• Leads review of
  • Third-party product usage requests to ensure that they are evaluated as per the defined process and risks to the company are highlighted for appropriate treatment.
  • Published vulnerabilities and risk events (e.g., cyber incidents) against company’s third-party product portfolio to identify risk to the company and report to senior leadership.
• Works with other teams in the third-party risk management space to identify opportunities to align / rationalize processes for better efficiency and effectiveness.
• Understands and stays up to date with industry trends in third-party risk management. Brings expert knowledge in various tools, processes and industry best practices used in third-party risk management to AT&T and supports the strengthening of third-party risk management.

Experience Level: 15+ years.

Location: Hyderabad / Bengaluru

Responsibilities Include:

• Partnering with TSS leadership to help them publish and enforce approved Technology Standards for use across the enterprise.
• Leading the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage.
• Leading the execution of the third-party product assessments, identifying issues that needs appropriate treatment, and reporting them to the senior ATS stakeholders.
• Find ways to enhance the review process for better effectiveness and efficiency.

Required skills:

• 15 years minimum experience in third-party risk management or risk consulting with at least 8 years in assessing / testing of third-party applications security.
• At least 8 years of experience in managing teams focused on vendor risk management, COTS product assessments, and risk mitigation or other related areas.

• Expert understanding of various third-party risk management frameworks and standards. Strong exposure to regulatory requirements in multiple industries.
• Good understanding of known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc.
• Proven project management skills and experience
• ISACA, ISC2 or other relevant certifications.

Desirable skills:

• Bachelors or Masters degree in Computer Science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security.
• The candidate should be comfortable guiding people through change and have a track record of successfully navigating organizational changes.
• Demonstrated expertise in creating organization level third-party product testing or vendor risk assessment programs, working effectively with a broad group of stakeholders.
• Flexible and creative thinker with strong execution skills, generates out-of-the-box solutions, manages ambiguity, anticipates the impact of decisions/initiatives and able to move seamlessly from high level concepts to details.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.