Consultant Professional Services 2 ATC
The Governance, Risk and Compliance Security services of AT&T Consulting Solutions is looking for qualified persons to join its team of world-class security and information risk management professionals. This position will be focused on providing guidance around security and privacy regulatory and industry standard requirements to our portfolio of Fortune 500 clients, conducting security risk assessments, and working with the practice leadership to keep abreast of developments in the information security space from both a strategic and technical perspective.
Key job responsibilities will include:
Conduct information security assessments using industry accepted best practices and approaches to support enterprise business goals and objectives
Evaluate information security risk in context of business environment and industry requirements
Consult with clients on information security best practices and provide guidance on cost-effective strategies for implementation of security
Follow standard methodologies and develop new and innovative processes for delivering information security solutions
Focus on results and ability to work within tight timelines
Demonstrated ability to learn and apply critical thinking to a variety of situations
Design deliverable content to precisely reflect the engagement contract and client needs
Work with clients to help them understand where improvements could be made, and propose scenarios and solutions to address these areas of improvement
Build and nurture positive working relationships with clients with the intention to exceed client expectations
Required Qualifications
BA/BS in information technology, business administration, or related field preferred
3-5 years of experience in information risk management, security governance, program development, regulatory and controls experience
CISSP certification
CISM, CCSP, CIPP, CISA certification a plus
Solid understanding of the evolving security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices
Experience performing risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., HIPAA, HITRUST, HITECH, PCI DSS, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.)
Experience and firm understanding of the development and implementation of information security policies, standards and related procedures
Ability to provide risk-based recommendations based upon the size and complexity of the clients organization
Ability to educate clients of the risk implications associated with a particular business decision, and communicate the likelihood and impact of those decisions so clients can fully quantify those risks
Ability to translate complex technical information across all levels of the organization
Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors
Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction in a global, matrix-management environment
Strong business acumen and process-oriented thinking
Excellent presentation and issue resolution skills
Written communication skills for use in preparing formal documentation including deliverables, Statements of Work, proposals, white papers, and case studies
Verbal skills that include the ability to clearly articulate thoughts, be persuasive and to deliver presentation and training to all levels of management
Ability to interface with C-levels, as well as tactical implementers
Able to manage projects from inception to successful implementation
Strong investigative and analysis skills with the ability to handle confidential information
Ability to travel (~25% of time)
Keeps informed of advances in information security; self-motivator
Additional Qualifications
Consulting experience required
Privacy experience a plus
Understanding of cloud technologies and security is a plus
Understanding of available security tools and technologies
PCI DSS QSA a plus
AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal, state and local laws
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status