Job Description:

Role: Senior Associate – Third Party Product Security Testing & Certification (TPPST&C)

About the Company:

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

About the Job:

The Third-Party Product Security Testing & Certification (TPPST&C) team is part of Chief Security Office (CSO) and responsible for vetting the third-party products AT&T uses for possible vulnerabilities and other issues (e.g., EOSL) on an ongoing basis. They work closely with the Technology Strategies & Standards team, which is part of AT&T Technology Services (ATS) to ensure third-party products are deployed only when they are secure, authorized and appropriately supported. This person reports to the Head, TPPST&C and

• Reviews the third-party product usage requests as per the defined process and identifies risks to the company.
• Identifies appropriate risk treatment for each product / version / instance based on guidance provided and / or patterns identified.
• Supports other senior team members in correlation of published vulnerabilities and risk events (e.g., cyber incidents) against company’s third-party product portfolio to identify risk to the company.
• Works with other team members to identify opportunities to align / rationalize processes for better efficiency and effectiveness.

Experience Level: 3+ years.

Location: Hyderabad / Bengaluru

Responsibilities Include:

• Executing third-party product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.
• Supporting TPPS&C leadership in reporting on trends identified and responses recommended.
• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage.
• Suggest ways to enhance the review process for better effectiveness and efficiency.

Required skills:

• 3 years minimum experience in third-party risk management / risk consulting / assessing third-party applications security.
• Good understanding of various third-party risk management frameworks and standards.
• Good exposure to regulatory requirements in other industries.
• Proven project management skills.

Desirable skills:

• Bachelor's or master's degree in computer science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security.
• Prior experience with Telecom sector.
• Awareness of known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc.
• ISACA, ISC2 or other relevant certifications.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.