Sr Specialist Cybersecurity

About the Job The Cybersecurity Risk Management team is part of Chief Security Office CSO and responsible for managing multiple teams that facilitate external audits internal audits analyze policy exceptions conduct risk assessments and run enforceable governance across processes They work closely with the AT T Technology Services ATS teams and Technology Risk Management TRM teams and other CSO teams to ensure the effective and efficient GRC processes Below are the key responsibilities of the Senior Specialist - Audit Management ISO 27001 position Develop and maintain audit plans to ensure all activities supporting the annual internal and external ISO 27001 audits are identified assigned and completed in a timely manner Ensure end to end audit process documentation and process flows of the internal and external audit processes are created reviewed updated and maintained Ensure the audit scope objectives and deliverables are documented and managed Create and facilitate and annual internal Control Owner Assertion COA process making sure the COA is completed in a timely manner at least 6 weeks before the kick-off of the internal audit cycle Ensure the audit kick-off presentations are created to include the audit timeline communication protocols and expectations to help facilitate successful audits Ensure the audit kick-off presentations are finalized 2 weeks before the audit kick-off meetings are scheduled to be conducted Schedule and conduct the audit kickoff meetings Prior to conducting the external audit kick-off work with the external auditors to make sure the audit requests are clearly documented and the audit request templates are completed prior to the audit kick-off meeting Coordinate and schedule interviews and walkthroughs between the external auditors and the internal Data and Control Owners to review processes in scope for the audit Respond to the external auditor inquiries clarification requests and follow-ups throughout the audit process Respond to the internal Data and Control Owners inquiries clarification requests and follow-ups throughout the audit process Coordinate and schedule the onsite and remote fieldwork meetings between the external auditors and internal Data Owners ensuring the external auditors have proper access and support Review preliminary audit findings and reports from the external auditors and work with the appropriate Data and Control Owners to address identified issues Ensure the confidentiality and integrity of sensitive information obtained as a result of preparing for and participating in the audits Track and manage action items resulting from internal and external audit findings driving timely remediation and validation that all reported items have been addressed in a timely manner Help create and support an environment of continuous improvement Educate staff on audit processes requirements and compliance best practices Facilitate training for internal Data Owners to drive process improvements Prepare weekly and monthly status reporting providing details of outstanding audit items and overall status of each audit Schedule and conduct weekly status meetings to review the status of the audit and outstanding items and facilitate working sessions to help address open audit issues Perform research and analysis for various audit topics to gain insights and make recommendations to properly address in scope issues Create postmortem presentations identifying issues encountered during the audit that must be addressed to ensure we are compliant with all applicable requirements Ensure the appropriate Data and Control Owners have visibility to the postmortem issues and they provide remediation plans to address all open issues Experience Level 8 years Location Hyderabad Bengaluru Required skills 6 years minimum experience in conducting IT audits Risk assessments information security compliance or IT security operations A minimum of 3 years experience leading ISO 27001 SOC or PCI audits preferred Strong understanding of cybersecurity frameworks and standards e g NIST ISO 27001 CIS Controls Excellent project management organizational and communication skills Desirable skills Prior experience with Telecom sector Relevant certifications such as ISO 27001 Lead Auditor Implementer CISSP CISM CRISC or CISA Additional information if any Need to be flexible to provide coverage in US morning hours Weekly Hours 40 Time Type Regular Location IND AP Hyderabad Argus Bldg 4f 5f Sattva Knowledge City- Adm Argus Building Sattva Knowledge City It is the policy of AT T to provide equal employment opportunity EEO to all persons regardless of age color national origin citizenship status physical or mental disability race religion creed gender sex sexual orientation gender identity and or expression genetic information marital status status with regard to public assistance veteran status or any other characteristic protected by federal state or local law In addition AT T will provide reasonable accommodations for qualified individuals with disabilities AT T is a fair chance employer and does not initiate a background check until an offer is made