Job Description:

Role: Senior Specialist – Third Party Product Security Testing & Certification (TPPST&C)

About the Company:

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

About the Job:

The Third-Party Product Security Testing & Certification (TPPST&C) team is part of Chief Security Office (CSO) and responsible for vetting the third-party products AT&T uses for possible vulnerabilities and other issues (e.g., EOSL) on an ongoing basis. They work closely with the Technology Strategies & Standards team, which is part of AT&T Technology Services (ATS) to ensure third-party products are deployed only when they are secure, authorized and appropriately supported. This person reports to the Head, TPPST&C and

• Reviews and approves the third-party product usage requests as per the defined process and identifies risks to the company along with appropriate risk treatment for each product / version / instance.
• Supports correlation of published vulnerabilities and risk events (e.g., cyber incidents) against company’s third-party product portfolio to identify risk to the company and help report to senior leadership.
• Works with other teams in the third-party risk management space to identify opportunities to align / rationalize processes for better efficiency and effectiveness.
• Continuously enhances her knowledge around industry trends in third-party risk management.

Experience Level: 8+ years.

Location: Hyderabad / Bengaluru

Responsibilities Include:

• Executing third-party product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders.
• Partnering with TPPS&C leadership to help them recommend and enforce approved Technology Standards for use across the enterprise.
• Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage.
• Suggest ways to enhance the review process for better effectiveness and efficiency.

Required skills:

• 8 years minimum experience in third-party risk management or risk consulting out of which, 5 years in assessing / testing of third-party applications security.

• Very good understanding of various third-party risk management frameworks and standards.
• Good exposure to regulatory requirements in other industries.
• Exposure to known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc.
• Proven project management skills

Desirable skills:

• Bachelor's or master's degree in computer science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security.
• Prior experience with Telecom sector.
• ISACA, ISC2 or other relevant certifications.

Additional information (if any): Need to be flexible to provide coverage in US morning hours.

Weekly Hours:

40

Time Type:

Regular

Location:

IND:AP:Hyderabad / Atria Building, Plot 17 - Adm: Atria Building, Plot No 17

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities.

Job ID R-41982 Date posted 11/06/2024