Senior Cybersecurity – Third Party Risk Management

Job Description:
Role: Senior – Third Party Risk Management (TPRM)
About the Company:
Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won't just imagine the future-you'll create it.

About the Job:
The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:

• Conduct Cybersecurity Assessments:

• Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices.

• Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.

• Risk Analysis and Reporting:

• Analyze assessment results to determine the level of risk associated with each third-party relationship.

• Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.

• Vendor Onboarding and Monitoring:

• Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR).

• Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.

• Collaboration and Communication:

• Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management.

• Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.

• Policy and Procedure Development:

• Contribute to the development and enhancement of TPRM policies, procedures, and guidelines.

• Stay up-to-date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.

• Training and Awareness:

• Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.

Experience Level:
12+ years.

Location:
Hyderabad / Bengaluru

Required skills:

• 10 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
• Demonstrated experience in third-party risk management and vendor security assessments.
• Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
• Good understanding of various third-party risk management frameworks and standards.
• Proficiency in using security assessment tools and methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
• Detail-oriented with strong organizational and project management skills.

Desirable skills:

• Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
• Prior experience with Telecom sector.
• Relevant certifications such as CISSP, CISM, CRISC, or CISA

Additional information (if any):
Need to be flexible to provide coverage in US morning hours.

Weekly Hours:
40

Time Type:
Regular

Location:
IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.