Associate Director-Technology at AT&T in El Segundo, California

Job Description:

Overall Purpose: Supervises a target size team of 10 or more employees (with at least 4 level 2 employees) that are responsible for the development and/or delivery of IT-related work relative to the technical sub-families including Agile, Application Design and Programming, Business Support, Database, Systems Architecture and Engineering, Systems Technical Support, Technical Project Management, and Technology Security. Make suggestions and recommendations as to the hiring, firing, advancement, promotion, and other status changes for employees under their supervision.

Key Roles and Responsibilities: The incumbent interviews and selects employees, maintains proper staffing levels, allocates resources, supervises teams daily operations, productivity, identifies areas for improvement, develops action plans to improve performance, develops teams technical and managerial expertise through on-the-job and formal training opportunities, enforces Company policies, takes necessary disciplinary action, evaluates individual performance for annual performance review, merit increases, promotions and other employment status changes, and conducts long-range planning for the team. Responsible for budget management, and coordinating, evaluating, and partnering with technology vendors, outside consultants and internal dotted line resources as needed. Acts as main contact with other organizations to identify and quantify business issues associated with specific projects, develops and implements business strategy, and assists in setting strategic technical direction. May also manage complex enterprise-wide, multiple applications, or system development projects by working with clients to develop business cases, defining business and/or technical requirements, defining the projects scope and work schedules, estimating necessary resources, allocating capital and expense funding, and reconciling the actual expenses to estimates to keep the project within budget.

This position providing strategic and tactical support for all of WM and AT&T regardless of business unit. The position requires regulatory (SOX, PCI, SSAE18, HIPAA, NIST, COBIT, ISO 27001/27002) and technical knowledge (application, network, operating systems, databases, tools, public and private cloud, etc.). The candidate must exhibit a high degree of thought leadership capabilities and be able to partner with clients to deliver best in class compliance and security requirements, architecture and design, research/strategy/planning, risk analysis and remediation and/or mitigation for complex platforms and services. The candidate must have strong communications skills to successfully oversee technical work activities of the team to deliver results. The candidate should have strong experience providing senior leadership briefings and preparing associated content.

This position will primarily manage the team supporting the ATT PCI Program (8-10 reports) beginning in Q1 2021. They will be responsible for overseeing escalations, overall status and progress, and addressing questions as they arise related to the below assessment types which the team will be responsible for. The associate director will manage daily program operations, develop program policy/procedure, conduct program assessment and evaluation, manage day to day administration, and participate in strategic planning.

The role is responsible for overseeing the coordination and execution of strategies related to compliance to help the Company meet its objectives including safeguarding our assets against fraud risk and complying with external regulations. This team focuses on validating that processes are working end-to-end, identifying risk areas and risk treatment/mitigation, as well as participating in projects to understand and determine potential impact to regulatory compliance components. They identify areas of improvement and non-compliance which may result in process changes and/or coaching requests.

Responsibilities will include:

Regulatory & Advisory Compliance: 50% - Interfacing with business units across Warner Media and ATT to guide and assist asset owners to meet policy (non-regulatory) and regulatory compliance (SOX, PCI, etc.) requirements (inclusive of internal issues log tracking).’’ Resource must be able to assess and test controls for critical functions and processes, potential impacts to AT&T/WM, and help to build remediation plans to address areas of non-compliance. Additionally, must have ability to identify/contact responsible resources across all BUs and articulate/document issues for senior leadership.

Audit Management: 20% - Managing and aligning technology focused audits including pre-audit prep, interim audit management, and post audit remediation (inclusive of tracking, reporting, and trending). The position requires regulatory (SOX, PCI, SSAE18, HIPAA, NIST, COBIT, ISO 27001/27002) and technical knowledge (application, network, operating systems, databases, tools, public and private cloud, etc.). To assist with the audit process

Proactive Compliance: 15% - Accountable for driving proactive compliance through day to day advisory services. Partnering with Stakeholders to redesign critical processes & special projects. The role is responsible for overseeing the coordination and execution of strategies related to compliance to help the Company meet its objectives including safeguarding our assets against fraud risk and complying with external regulations

Periodic Assessments & Validation: 15% Perform periodic Compliance assessments (control design and SDLC application assessments) for new implementations, major upgrades, migrations to the cloud and other application change initiatives. Level of detailed assessment is dependent upon risk (data classification, and risk calculator). Act as an Information Security subject-matter-expert to support and assist with providing guidance to Senior Management on information and cyber security and/or compliance issues. Should have experience with various cloud platforms including AWS, Azure, Google, Salesforce, etc.

Training/Special Skills:

Knowledge of / experience within the media industry required.

Will develop processes for evaluating compliance with internal policies, standards and baselines, industry standards (e.g., ISO27001, NIST), and regulatory requirements such as SOX, PCI, GDPR, and CCPA.

Will own program management of key initiatives such as SOX / PCI, including planning and scoping, execution of assessments, final reporting, and remediation of non-compliant areas.

Will be the resident expert for compliance monitoring, identifying gaps in the design or operating effectiveness of control points.

Stay abreast of existing and upcoming regulatory legislation in order to assess potential impact on the WM compliance programs.

Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives.

Assist in the implementation of the Company GRC system, policies, standards, and processes.

Responsible for end to end programs, such as leading targeted compliance audits and reviews, communicating results and recommendations in clear and concise written reports; and collaborate with management to ensure corrective actions are implemented effectively.

Validate system requirements, flows, and written procedures through testing and observations, and to ensure regulatory compliance operating procedures and controls are working as intended.

Education: Preferred Bachelor of Science degree in Computer Engineering, Computer Science, Applied Science, Electrical Engineering, or Math; Developer or Data Analytics nanodegree; or equivalent experience.

Experience: Typically requires 8-10 years experience.

Supervisory: Yes.

DESIRED QUALIFICATIONS: