Lead Cybersecurity

AT&T•Charlotte, NC

2d•Onsite

About The Position

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered. About the Company: Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it. About the Job: We are seeking a SOX Manage Access-Risk & Technology Lead, you will be a trusted partner to our cross-functional stakeholders, bringing deep process, technology risk, automated controls and IT general controls expertise, to help the company drive a scalable, well-designed control environment. This is a high-impact individual contributor role, you will be a trusted partner to our cross-functional stakeholders, bringing deep process, technology risk, automated controls and IT general controls expertise, to help the company drive a scalable, well-designed control environment. You’ll play a key role in the financial and technology risk assessment, readiness, control optimization, and change enablement for AT&T’s SOX program. What you'll bring Lead the identification, assessment, and mitigation of technology risks across the organization. Develop and maintain risk frameworks, policies, and procedures aligned with industry best practices. Develop and enforce Identity and Access Management (IAM) policies and procedures to ensure compliance with SOX requirements. Oversee the control environment for multiple IAM platforms (such as SailPoint, CyberArk, Active Directory, Azure AD), ensuring seamless integration with governance, risk, and compliance (GRC) tools and supporting the organization’s overall security and compliance objectives. Drive coordination and program management for initiatives impacting SOX scope, including new scope, technology process and control changes and optimization. Serve as an end-to-end process and IT control expert advising control and process owners on SOX requirements, risk assessment, control design, and optimization strategies. Participate in walkthroughs for high-risk areas and changes to help ensure readiness and control design effectiveness. Evaluate process and control changes, evaluate risk, business process transformations, advise on new initiatives for SOX impact, and provide clear, actionable recommendations Oversee the documentation of control narratives and perform control testing Collaborate with technical and business stakeholders to support the deficiency evaluation process including root cause analysis, impact assessment, management action plan development, remediation monitoring and validation. Oversee the development and execution of cybersecurity controls, including access management, vulnerability management, incident response, and data protection. Stay current on cyber threats, regulatory requirements, and control frameworks (e.g., NIST, ISO 27001). Partner with process owners and control owners to drive awareness and understanding of SOX requirements and protocols, control design requirements, and enterprise control strategy. Develop and review new and updated testing procedures to ensure control evidence and scope are sufficient and aligned with risk.

Requirements

8-10+ years of experience in internal audit, SOX compliance, risk advisory, or public accounting.
Bachelor’s or Master’s degree in a relevant discipline, such as Computer Science, Computer Engineering, Information Systems or equivalent experience preferred, but not required.
CISA, CRISC, CISSP, AWS Certified Cloud Practitioner or above, CPA, CIA preferred.
Deep knowledge of IAM principles and standards (e.g., NIST SP 800-53, ISO 27001, CIS Controls), with practical experience assessing and implementing IAM controls across a technology environment.
Strong understanding of technology risk, financial reporting risk, internal controls (automated and ITGC), and PCAOB requirements.
Hands-on experience with SOX readiness, automation, or transformation initiatives is required.
Working knowledge of information technology best practices and control frameworks.
Excellent interpersonal skills.
Demonstrated ability to influence cross-functionally and at all levels of management and effectively navigate the social dynamics of teams, groups, and organizations.
Proven leadership and process management skills, including the ability to think and lead multiple complex projects simultaneously.
High attention to detail and quality, balanced with the ability to see the big picture and identify areas for process simplification.
Excellent written and verbal communications, presentation, and influencing skills.
Superior ability to clearly articulate a point of view and adjust communication style and content to suit audience needs.
Ability to simplify complex concepts into clear and action-oriented communications and work through ambiguity, with confidence in making tough calls and leading through adversity with a sharp focus on driving the right outcomes.
Ability to proactively look ahead, anticipate questions, independently assess risk, think critically and creatively to achieve the best outcome, and elevate issues to the right level internally and externally to resolve.
Ability to lead, plan, execute and evaluate project activities to ensure completion of initiatives
Skill in mentoring, and performance management
Skill in using analytical software tools, data analysis methods and reporting techniques
Skill in using computer applications including MS Office and industry standards
Ability to communicate effectively in both oral and written form
Ability to work collaboratively and build relationships across teams and functions
Ability to work successfully as a member of a team and drive team execution
Ability to exercise sound judgement in making decisions
Ability to analyze, organize and prioritize work while meeting multiple deadlines
Proficiency in analyzing data, identifying trends and preparing reports.
Familiarity with cloud platforms (AWS, Azure, GCP) and their IAM solutions.
Deep understanding of IAM tools, IT Security Audits, and Cloud Engineering.
Experience in reviewing PAM solutions & designing controls around them.
Extensive experience with technologies such as SailPoint and CyberArk, documenting processes flows and designing SOX controls framework.
Product experience with SailPoint, CyberArk and Delinea
Strong understanding of SOX IT General Controls

Nice To Haves

CISA, CRISC, CISSP, AWS Certified Cloud Practitioner or above, CPA, CIA preferred.
Bachelor’s or Master’s degree in a relevant discipline, such as Computer Science, Computer Engineering, Information Systems or equivalent experience preferred, but not required.

Responsibilities

Lead the identification, assessment, and mitigation of technology risks across the organization.
Develop and maintain risk frameworks, policies, and procedures aligned with industry best practices.
Develop and enforce Identity and Access Management (IAM) policies and procedures to ensure compliance with SOX requirements.
Oversee the control environment for multiple IAM platforms (such as SailPoint, CyberArk, Active Directory, Azure AD), ensuring seamless integration with governance, risk, and compliance (GRC) tools and supporting the organization’s overall security and compliance objectives.
Drive coordination and program management for initiatives impacting SOX scope, including new scope, technology process and control changes and optimization.
Serve as an end-to-end process and IT control expert advising control and process owners on SOX requirements, risk assessment, control design, and optimization strategies.
Participate in walkthroughs for high-risk areas and changes to help ensure readiness and control design effectiveness.
Evaluate process and control changes, evaluate risk, business process transformations, advise on new initiatives for SOX impact, and provide clear, actionable recommendations
Oversee the documentation of control narratives and perform control testing
Collaborate with technical and business stakeholders to support the deficiency evaluation process including root cause analysis, impact assessment, management action plan development, remediation monitoring and validation.
Oversee the development and execution of cybersecurity controls, including access management, vulnerability management, incident response, and data protection.
Stay current on cyber threats, regulatory requirements, and control frameworks (e.g., NIST, ISO 27001).
Partner with process owners and control owners to drive awareness and understanding of SOX requirements and protocols, control design requirements, and enterprise control strategy.
Develop and review new and updated testing procedures to ensure control evidence and scope are sufficient and aligned with risk.

Benefits

Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected.
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.