Join AT&T and reimagine the communications and technologies that connect the world. Our Consumer Technology experience team is delivering innovative and reliable technology solutions to power differentiated, simplified customer experiences. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

As AT&T Technology Risk Director – Risk Identification and Assessment, you will be responsible for overseeing and assessing the enterprise’s technology risk control framework and leading key functions of the Technology Risk Program.  Increasing levels of regulatory requirements demand additional risk management rigor, and we must implement highly resilient, reliable, and effective solutions that meet and in some cases exceed performance standards found in other information rich industries.  You will provide leadership and support for Technology Risk initiatives across the business and advocate for best practices, while incorporating an independent oversight lens.  You will utilize risk-based management to integrate information and technology risk processes into the way AT&T operates.

Reporting to AT&T’s Vice President of Technology Risk, you will lead a team responsible for identifying, assessing, responding to, and monitoring Technology Risk. You will ensure that regulatory / risk policies and standards and their impact on business operations are understood and addressed consistently across AT&T, and that technology risks of new and existing technology facilities, as well as third party facilities, are assessed, monitored, and remediated as necessary. You will help to provide coverage for regulatory issues with our global technology partners and assist with regulatory exams, requests, and meetings.

• Lead the risk identification and assessment capabilities of the Technology Risk Program in support of compliance initiatives within respective business units / functions
• Establish, operationalize, and maintain the Technology Risk Program’s risk and controls framework
• Provide thought leadership on, as well as, manage the development of Technology Risk processes and frameworks and oversee the integration and implementation of proposed solutions
• Ensure IT risk assessment Standards and Policies are fit for purpose and are appropriate from a regulatory, risk and compliance perspective
• Provide expertise to business units around identification and assessment of technology emerging risks
• Work with applicable business, operational and IT organizations to help ensure that business and IT projects are appropriately assessed for IT risks
• Provide subject matter advice to technology and business leaders in support of Tech Risk compliance initiatives
• Support Tech Risk teams responsible for risk identification, assessment, and control evaluation
• Support efforts to improve the Technology Risk Program’s onboarding capabilities, with the goal of facilitating and streamlining Program adoption, and simplifying the process for business units to understand and comply with Program requirements/controls
• Periodically assess Technology Program capabilities and associated maturity levels to identify Program enhancement opportunities
• Develop strong relationships and interact with Senior Leadership, Business Unit Heads, Global Functions, Internal Audit, External Regulators, Legal and Compliance, Privacy, IT, and Offshore teams to coordinate activities
• Develop and deliver executive-level IT risk presentations to describe risk exposures and actions required
• Support Vice President of Technology Risk with escalation of high risk observations to executive leadership
• Support teams conducting risk and control assessments of new and existing business capabilities
• Represent AT&T’s interests to appropriate industry and standards forums and advise the Vice President of Technology Risk concerning topics and trends pertaining to information technology risks

• 7-10+ years of work experience in technology, operational risk management, or a related discipline at a global company
• Significant (7+ years) experience in multiple industry risk, control and governance disciplines (e.g. Enterprise Risk Management, Audit, Information Security, Regulatory Compliance)
• Experience designing, implementing, and sustaining programs that effectively identify and assess risk in the risk management lifecycle; including:
  • Technology risk and control identification
  • Risk and control register management
  • Technology maturity assessment
  • Inherent risk assessment
  • Technology control evaluation
  • Residual risk assessment
• Assessment experience must include evaluations of maturity, inherent risk, control environment through formal testing, and residual risk
• Demonstrated success in remediating self-identified, internal / external audit, and regulatory / compliance issues
• In-depth understanding of information technology and best practices across the industry as well as project management principles
• Extensive knowledge of information and technology risk management policies, methods, standards, tools, and processes (e.g. ISO, COSO, COBIT) as well as knowledge of compliance, legal, internal / external audit & regulatory requirements
• Ability to weigh business needs against risk concerns and effectively articulate issues to different audiences
• Strong expertise in the collaboration, facilitation and coordination of the mitigation of risks. Adept at navigating governance structures. Ability to manage and analyze data. Experience raising awareness of information and technology risk throughout an organization
• Understanding of metrics development and reporting. Strong problem solving and program execution skills. Ability to prioritize and drive difficult decisions among business partners.
• Ability to solve very complex risk issues that span legal, compliance and regulatory obligations across various lines of business and shared service areas of the company
• Strong client relationship management experience, communication, and influencing skills
• Strong interpersonal and oral/written communication skills, able to build relationships with people at all levels in all geographies. Experience developing and delivering presentations to all levels of management. Strong ability to develop, lead and manage a professional staff

Desired

• BS required and advanced degree preferred