Third-Party Cyber Risk Manager
HumanaSalary not specified
Full Time
Mid-level (3 to 4 years)
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Telecommunications, CybersecurityIndustries
Requirements
- Experience in IT General Controls (ITGC) and IT Application Controls (ITAC) testing and evaluation (Control Testing: Hands-on Experience)
- Familiarity with cloud security controls and best practices
- Experience and understanding of AI/ML working principles, including control testing and related risks
- Ability to interpret and act on assigned tasks
- Understanding of Third-Party Risk Management (TPRM) and Vendor Risk Management (VRM) processes, products, and services
- Familiarity with GDPR, ISO 27001, SOC 2, and related standards/frameworks and compliance requirements
- Certified Ethical Hacker (CEH) certification or equivalent skills
- Knowledge of vulnerabilities, threat identification, and remediation; ability to understand and analyze penetration test (Pentest) reports
- Working knowledge of PCI-DSS compliance and control requirements
- 3 years minimum experience in third-party risk management or risk consulting out of which, at least 3 years in assessing / testing of third-party applications security
- Good understanding of various third-party risk management frameworks and standards
- Good exposure to regulatory requirements in other industries
- Awareness of known vulnerabilities, security features, and expected controls for leading ERPs like Oracle EBS, Fusion, Hyperion SAP etc., and / or other third-party applications like Salesforce, Workday etc
- Proven project management skills
- Experience Level: 3+ years
- Desirable: Bachelor's or master's degree in computer science, Mathematics, Information Systems, Engineering, Commerce or Cyber Security
- Desirable: Prior experience with Telecom sector
- Desirable: ISACA, ISC2 or other relevant certifications
Responsibilities
- Executing product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders
- Supporting RATE (Risk Assessment Testing and Enforcement) leadership in reporting on trends identified and responses recommended
- Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party application usage
- Suggest ways to enhance the review process for better effectiveness and efficiency
- Executing third-party product security assessments, identifying issues that needs appropriate risk treatment, and reporting them to the senior ATS stakeholders
- Partnering with RATE (Risk Assessment Testing and Enforcement) leadership to help them recommend and enforce approved Technology Standards for use across the enterprise
- Supporting the development / enhancement of processes / tooling that helps better identify / record / address the risks related to third-party product usage
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What experience level is required for this Sr Associate Cybersecurity role?
The position requires 3+ years of experience.
Where is this position located?
The job is located in Hyderabad or Bengaluru.
What key skills and experiences are needed for this role?
Required skills include experience in IT General Controls (ITGC) and IT Application Controls (ITAC) testing, familiarity with cloud security controls, understanding of AI/ML principles and risks, knowledge of Third-Party Risk Management (TPRM), and familiarity with standards like GDPR, ISO 27001, and SOC 2. Certified Ethical Hacker (CEH) certification or equivalent, knowledge of vulnerabilities and pentest reports, and PCI-DSS compliance are also needed.
What does the RATE team do at AT&T?
The RATE team evaluates products and solutions for vulnerabilities and compliance, executes security assessments, identifies risks, and supports process enhancements to ensure secure deployments adhering to Secure by Design principles.
What makes a strong candidate for this cybersecurity position?
Strong candidates have hands-on experience in ITGC/ITAC control testing, cloud security, AI/ML risks, TPRM/VRM, compliance frameworks like ISO 27001 and PCI-DSS, and CEH certification, along with the ability to analyze pentest reports and suggest process improvements.
AT&T
Telecommunications services including wireless and broadband
About AT&T
AT&T provides telecommunications services, including wireless communications, broadband internet, and digital television, primarily in the United States. Its 5G network offers faster data speeds and more reliable connections, although availability can vary. The company caters to both individual consumers and businesses, offering various subscription plans that include options for unlimited data and bundled services that combine internet, TV, and phone. AT&T generates revenue mainly through subscription fees, device sales, and its streaming service, DIRECTV STREAM, which adds to its diverse offerings. In a competitive market, AT&T distinguishes itself with its extensive service range and strong brand presence.
Dallas, TexasHeadquarters
1876Year Founded
$43.3MTotal Funding
IPOCompany Stage
Consumer Software, EntertainmentIndustries
10,001+Employees
Benefits
Health Insurance
Dental Insurance
Vision Insurance
401(k) Retirement Plan
401(k) Company Match
Paid Vacation
Paid Sick Leave
Paid Holidays
Paid Parental Leave
Adoption Assistance
Disability Insurance
Life Insurance
Employee Assistance Programs
Wellness Program
Employee Discounts
Risks
The customer service guarantee may increase financial liabilities due to compensation for outages.
A recent data breach could damage AT&T's reputation and lead to customer churn.
Resistance to replacing landlines may impact customer retention and satisfaction.
Differentiation
AT&T offers a unique customer service guarantee, setting it apart from competitors.
The company is expanding its fiber network, enhancing broadband offerings in underserved areas.
AT&T's 'Phone-Advanced' device aligns with the trend of replacing traditional landlines.
Upsides
AT&T's fiber network expansion could provide a competitive edge in broadband services.
The new customer service guarantee may attract customers from competitors lacking similar assurances.
Collaboration with The Arc enhances AT&T's brand image through corporate social responsibility.
Related Jobs
RemoteRemoteSr. Product Designer, Assessments
Khan AcademySalary not specified
- Full Time
- Senior (5 to 8 years)
RemotePartner Diligence
ColumnSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Compliance Analyst
EarnestSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Penetration Tester
HumanaSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteStaff Product Manager - Vendor Risk Management
Vanta$221,000 - $260,000/year
- Full Time
- Expert & Leadership (9+ years)
RemoteSenior Enterprise Risk Management Specialist
Spring HealthSalary not specified
- Full Time
- Senior (5 to 8 years)