This job listing has expired and the position may no longer be open for hire.

Principal-Technology Security at AT&T

Posted in Other 30+ days ago.

Location: St Louis, Missouri





Job Description:

Overall Purpose: This career step requires expert level experience. Responsible for review and analysis of security requirements, works with senior team members to develop integrated plans to protect corporate assets and information technology, and administers security systems to support daily security operations. Assesses overall security risk of systems, prioritizes and leads activities to lower AT&T's overall security risk posture.

Key Roles and Responsibilities: Includes researching, recommending, documenting, and coordinating implementation of changes to policies, procedures, facilities, and systems to enhance security as well as developing and delivering corporate security awareness training for users and technical security training for system administrators. Facilitates compliance with company security policies, practices and legal requirements. May provide support to non-management employees, including coaching, on-the-job and formal training, reference materials, procedures and system documentation. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information. May interface with other stakeholders including vendors, application development and technical support staff, and clients. May provide inventory and asset management resources to security operation, including administrative supplies, security specific resources such as SecurID cards or cryptographic key management, and specialized security software. May perform some Cyber Security duties.

This critical position provides strategic and tactical support for all of WM and AT&T regardless of business unit. The position requires regulatory (SOX, PCI, SSAE18, HIPAA, NIST, COBIT, ISO 27001/27002) and technical knowledge (application, network, operating systems, databases, tools, public and private cloud, etc.). The candidate must exhibit a high degree of thought leadership capabilities and be able to partner with clients to deliver best in class compliance and security requirements, architecture and design, research/strategy/planning, risk analysis and remediation and/or mitigation for complex platforms and services. The candidate must have strong communications skills to successfully oversee technical work activities of the team to deliver results. The candidate should have strong experience providing senior leadership briefings and preparing associated content.

This position focuses on validating that processes are working end-to-end, identifying risk areas and risk treatment/mitigation, as well as leading internal compliance assessments to understand and determine potential impact to regulatory compliance components. You identify areas of improvement and non-compliance which may result in the need to lead process changes and/or control redesigns. The Compliance Principal will drive various initiatives to completion and assist in managing and growing an effective Compliance Program globally. You will be responsible for a variety of functions centered on effective implementation of all of the elements of a compliance program (project): compliance with applicable laws, rules, and regulations, internal policies and procedures; accepted business practices, ethical standards, and contractual obligations. You will act as an Information Security subject-matter-expert to support and assist with providing guidance to Senior Management on information and cyber security and/or compliance issues.

Responsibilities Include:

Regulatory & Advisory Compliance: 50% - Interfacing with business units across Warner Media and ATT to guide and assist asset owners to meet policy (non-regulatory) and regulatory compliance (SOX, PCI, etc.) requirements (inclusive of internal issues log tracking).

Audit Management: 20% - Managing and aligning technology focused audits including pre-audit prep, interim audit management, and post audit remediation (inclusive of tracking, reporting, and trending).

Proactive Compliance: 15% - Accountable for driving proactive compliance through day to day advisory services. Partnering with Stakeholders to redesign critical processes & special projects.

Periodic Assessments & Validation: 15% - Perform periodic Compliance assessments (control design and SDLC application assessments) for new implementations, major upgrades, migrations to the cloud and other application change initiatives. Level of detailed assessment is dependent upon risk (data classification, and risk calculator).

Accreditations/Licenses:

CISA, CISSP, CISM preferred.

Training/Special Skills:

Knowledge of / experience within the media industry required.

Will develop processes for evaluating compliance with internal policies, standards and baselines, industry standards (e.g., ISO27001, NIST), and regulatory requirements such as SOX, PCI, GDPR, and CCPA.

Will own program management of key initiatives such as SOX / PCI, including planning and scoping, execution of assessments, final reporting, and remediation of non-compliant areas.

Will be the resident expert for compliance monitoring, identifying gaps in the design or operating effectiveness of control points.

Stay abreast of existing and upcoming regulatory legislation in order to assess potential impact on the WM compliance programs.

Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives.

Assist in the implementation of the Company GRC system, policies, standards, and processes.

Responsible for end-to-end programs, such as leading targeted compliance audits and reviews, communicating results and recommendations in clear and concise written reports, and collaborating with management to ensure corrective actions are implemented effectively.

Validate system requirements, flows, and written procedures through testing and observations, and to ensure regulatory compliance operating procedures and controls

Job Contribution: Expert level technical professional. Advisor on technical knowledge and ATT technologies.

Education: Bachelor of Science degree in the field of Computers, Engineering, or Mathematics preferred.

Experience: Typically requires 8-10 years experience. Technical Career Pathway (TCP) role.

Supervisory: No.


Required Qualifications:
  • Bachelor's degree in Computer Science, or Engineering in Mechanical Engineering with specialization in Industrial Production Engineering or a technical related field 
  • 5-8 years experience in IT security.
  • Knowledge in application security standards and process.
  • Proficient in database security.
  • Knowledge in identity and access management (access control and provisioning, theft tactics, etc.) and tools (SecurID cards, etc.)
  • Knowledge in network architecture and infrastructure components (Carrier-based network routers and switches, IPv6, etc.)
  • Knowledge in business continuity and disaster recovery (planning, etc.)
  • Proficient in Security Engineering, Planning and Monitoring
  • Knowledge in security hardware and software
  • Knowledge in Anti-virus (Virus, Worm, Malware, etc.)
  • Proficient in Cyber security tools (Sensage, etc.)
  • Understands identity and access management tools (SecurID cards, etc.).
  • Proficient in Cloud Computing (Internet data center architectures, hosting and application services, etc.).
  • Understands content distribution networks.
  • Proficient in data leakage prevention (DLP) technologies.
  • Knowledge in security audit, review, risk assessment, regulatory, controls (Audit and control structures, audit processes (SAS 70), Compliance assessment tools, etc.)

Desired Qualifications:
  • Certification in CISSP, CISA, CISM, other security or security technologies related certifications (i.e., CISCO, MSFT, Checkpoint, etc.)

