AT&T Principal-Technology Security-Compliance in Chicago, Illinois
Overall Purpose: This is a Compliance position reporting into the Chief Security Office. This career step requires expert-level experience. This position supports BUs for the defined Compliance functions, including: Regulatory Compliance, Cloud Compliance, Audit Management, Proactive Compliance, Periodic Assessments & Validation, Issue Trending / Remediation / Tracking & Reporting, and overall Compliance with Policies, Standards, & Baselines (Gap Remediation). Increased responsibilities also include an expanded team requiring management, cross-training, and development. This role will engage broadly across business and information technology functions to ensure effective awareness, planning, and execution on security and compliance-related concepts, projects, initiatives, and requirements.
Responsible for review and analysis of policy, compliance, and security requirements; works with senior team members to develop integrated plans to protect corporate assets and information technology; and administers security systems to support daily security operations. Assesses the overall security risk of systems, and prioritizes and leads activities to reduce AT&T's overall security risk.
Key Roles and Responsibilities: Responsible for leading, coordinating and executing compliance strategies to help AT&T meet objectives, including safeguarding assets against fraud risk and complying with external regulations (e.g. Sarbanes-Oxley (SOX), PCI, Accessibility, SSAE 18, etc.). Validates that processes are working end-to-end, identifies risk areas and risk treatments and mitigations, and leads internal compliance assessments to understand and determine potential impact to regulatory and non-regulatory compliance components. Responsible for functions centered on effective implementation of all the elements of a compliance program: compliance with applicable laws, rules, and regulations, internal policies and procedures, accepted business practices, ethical standards, and contractual obligations. Daily collaboration across all levels and BUs, including Technology, HR, Legal, Finance, Production, Internal Audit, External Audit, SOX PMO, Privacy, Governance, Risk, BISOs, and Engineering.
Includes researching, recommending, documenting, and coordinating implementation of changes to policies, procedures, facilities, and systems to enhance security as well as developing and delivering corporate security awareness training for users and technical security training for system administrators. Facilitates compliance with company security policies, practices and legal requirements. May provide support to non-management employees, including coaching, on-the-job and formal training, reference materials, procedures and system documentation. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information. May interface with other stakeholders including vendors, application development and technical support staff, and clients. May provide inventory and asset management resources to security operation, including administrative supplies, security specific resources such as SecurID cards or cryptographic key management, and specialized security software. May perform some Cyber Security duties.
This critical position provides strategic and tactical support for all of AT&T regardless of business unit. The position requires regulatory (SOX, PCI, SSAE 18, HIPAA, NIST, COBIT, ISO 27001/27002) and technical knowledge (applications, networks, operating systems, databases, tools, public and private cloud, etc.). The candidate must exhibit a high degree of thought leadership and be able to partner with clients to deliver best-in-class compliance and security requirements, architecture and design, research/strategy/planning, risk analysis, and remediation and/or mitigation for complex platforms and services. The candidate must have strong communication skills to successfully oversee the technical work activities of the team and deliver results. The candidate should have strong experience providing senior leadership briefings and preparing the associated content.
This position focuses on validating that processes are working end-to-end, identifying risk areas and risk treatment/mitigation, and leading internal compliance assessments to understand and determine potential impact to regulatory compliance components. You identify areas of improvement and non-compliance, which may result in the need to lead process changes and/or control redesigns. The Compliance Principal will drive various initiatives to completion and assist in managing and growing an effective Compliance Program globally. You will be responsible for a variety of functions centered on effective implementation of all the elements of a compliance program (project): compliance with applicable laws, rules, and regulations, internal policies and procedures, accepted business practices, ethical standards, and contractual obligations. You will act as an Information Security subject-matter expert to support and assist with providing guidance to Senior Management on information and cyber security and/or compliance issues.
Regulatory & Advisory Compliance: 50% - Interfacing with business units across AT&T to guide and assist asset owners in meeting policy (non-regulatory) and regulatory compliance (SOX, PCI, etc.) requirements (inclusive of internal issues log tracking).
Audit Management: 20% - Managing and aligning technology focused audits including pre-audit prep, interim audit management, and post audit remediation (inclusive of tracking, reporting, and trending).
Proactive Compliance: 15% - Accountable for driving proactive compliance through day-to-day advisory services. Partnering with stakeholders to redesign critical processes and on special projects.
Periodic Assessments & Validation: 15% - Perform periodic Compliance assessments (control design and SDLC application assessments) for new implementations, major upgrades, migrations to the cloud, and other application change initiatives. The level of detail of each assessment depends on risk (data classification and risk calculator).
CISA preferred (or CISSP, CISM or other equivalent).
Knowledge of / experience within the media industry required.
Will develop processes for evaluating compliance with internal policies, standards and baselines, industry standards (e.g., ISO27001, NIST), and regulatory requirements such as SOX, PCI, GDPR, and CCPA.
Will own program management of key initiatives such as SOX / PCI, including planning and scoping, execution of assessments, final reporting, and remediation of non-compliant areas.
Will be the resident expert for compliance monitoring, identifying gaps in the design or operating effectiveness of control points.
Stay abreast of existing and upcoming regulatory legislation in order to assess potential impact on the WM programs.
Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives.
Assist in the implementation of the Company GRC system, policies, standards, and processes.
Responsible for end-to-end programs, such as leading targeted compliance audits and reviews, communicating results and recommendations in clear and concise written reports, and collaborating with management to ensure corrective actions are implemented effectively.
Validate system requirements, flows, and written procedures through testing and observation, and ensure operating procedures and controls meet regulatory compliance requirements.
Have a diverse technical background, professional security credentials, demonstrated effectiveness in management and leadership, effective business acumen, excellent written and verbal communication skills, and exceptional interpersonal skills.
Proven experience executing strategies related to compliance
Expert knowledge in Access Management, Active Directory Consolidations, Compliance Policy Changes & Enhancements, etc.
Highly effective communicator
Technical knowledge of applications, network, operating systems, databases, tools, public and private cloud, etc.
Demonstrated experience in thought leadership and root cause analysis
Working knowledge with the Payment Card Industry (PCI) standard
Experience in documenting, designing and testing internal controls
Ability to work in fast-paced or rapidly growing organizations
Ability to learn quickly, work independently, and maintain professional skepticism
Strong project management/organizational and planning skills; ability to manage multiple projects simultaneously and prioritize tasks to meet project deadlines
Job Contribution: Expert-level technical professional. Advisor on technical knowledge and AT&T technologies.
Education: Bachelor of Science degree in the field of Computers, Engineering, or Mathematics preferred.
Experience: Typically requires 8-10+ years’ experience. Technical Career Pathway (TCP) role.
Principal Functional Skills / Competencies associated with this Title:
Finance and Accounting
Identity and Access Management
Information Security Architecture
Information Security Management
Investigative Information Security Technologies
IT Service Continuity Management
Network and Internet Security
Software Security Assurance
Note: Additional skills / competencies may be added to this specific requisition. During the application process, you will be asked to provide your proficiency and experience with all the skills / competencies associated with the requisition.
Job Code - 49090204
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.