Associate Vice President (AVP), Cyber Security & Deputy CISO - Calgary

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ6909

Department: CXT

Location: Anywhere in Alberta, preference for Calgary or Edmonton

Apply by: Sunday, November 26, 2023

Paygrade: P-OTH

System Title: Deputy Chief Information Security Officer

# Positions available: 1

Leader Name: Innes Holman, SVP, Technology Architecture, Risk, & CISO

Work Arrangement: Hybrid - You’ll work both remote and onsite, where time onsite is based on your job

accountabilities and performance objectives.

As ATB’s next AVP Cyber Security & Deputy CISO, you will develop, coordinate and implement security strategies, guidelines and standards for ATB, in and outside of IT as well as identify, evaluate and recommend effective resolutions; create awareness of cyber security best practices and guidelines across the organization and ensure that ATB’s practices and guidelines are followed and maintained at all times.

This role manages the Cybersecurity functions and contributes to the definition and implementation of the Information Technology strategy across the organization to ensure that the confidentiality, integrity, and availability of the organization’s information assets is maintained. The individual will interact with other Senior leaders within business AOEs and SSUs and within CXT, external service partners, and the members of the operations and service management teams. This role sets vision and direction to inspire and drive continuous improvement of cyber security policies, standards and procedures. The Individual is expected to demonstrate significant depth of technical and security expertise in technology solutions, as well as comprehensive understanding of client processes and business operations.

Key Responsibilities:

Security Strategy & Roadmap

• Championing the information security strategy and roadmap in alignment with ATB’s 2030 strategy
• Remaining current with IT Security trends and best practices to ensure the organization’s IT Security strategy is fit for ATB and contemplates readiness for future threats
• Leading and collaborating across IT domains to implement & maintain security roadmap components
• Managing security tooling and use within the organization with a goal of least privilege, cost optimization and simplification
• Evaluating and recommending new information security technologies and counter-measures against threats to information or privacy
• Guiding development of security reports and dashboards.

Security Standards

• Directing the development & continuous improvement of an information security framework, along with the underlying standards, processes and procedures.
• Defining the IT Security requirements for IT projects and IT operations, ensuring alignment to industry best practices in a multimodal enterprise that includes heritage and cloud native systems as well as innovation.
• Informing a risk based process for third party management with cyber requirements and controls
• Defining policies, standards and guidelines for access management (client and team member) & simplifying access management processes and tools for clients and employees to optimize both security and client experience
• Defining processes and recovery protocols for cyber incident preparedness; responding and rehearsing same
• Developing and sustaining alliances with appropriate industry associations to benchmark best practices

Security Improvements & Advisory

• Managing  IT Security service providers, vendors, and consultants to ensure key objectives and deliverables are met in an efficient manner
• Providing guidance and assistance to CX&T Senior Management and other areas within the organization with regard to addressing IT Security issues
• Collaborating with key stakeholders to determine acceptable levels of risk in compliance with regulatory requirements.
• Providing support for regulatory requirements and IT-cyber related audits, as well as coordination of investigations and audit of information security breaches

Security Identification, Protection, Detection

• Actively ensuring appropriate administrative, physical and technical safeguards are in place to protect the information assets from internal and external threats.
• Coordinating with operational groups and business units to identify and implement measures to prevent or detect security incidents or breaches
• Partnering with the fraud team to provide tooling to enable required capabilities & to realize the value of a “Fusion Center” with diverse skills collaborating to protect information assets
• Identifying and rectifying vulnerabilities across all IT domains.  This includes monitoring regular patching routines aligned to highest risk items as well as ad hoc patching where needed. 
• Introducing and implementing appropriate processes and procedures to test all information security safeguards on a regular basis.
• Implementing and operationalizing solutions to identify and evaluate the health of all of ATB’s technology assets - hardware, operating systems, software, services and data
• Leveraging technologies to provide layered defense from threat actors
• Implementing and operationalizing solutions to ensure protection of the company's systems and data from unauthorized users both internally and externally 
• Undertaking periodic reviews and audits, as required, engaging both internal business partners throughout the organization as well as external resources.
• Providing leadership and oversight for the design and implementation of all security incident and vulnerability management processes.
• Providing oversight and guidance in performing on-going security monitoring of information systems including assessing information security risk through a qualitative risk analysis on a regular basis; 
• Leading efforts to conduct functional gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements

Security Response and Recovery

• Proactively leading development of cyber incident recovery planning 
• Guiding table top and other dry run activities to ensure alignment and preparedness for a cyber incident
• Continually reviewing and assessing ATB’s readiness for a cyber incident in the changing threat landscape
• Ensuring that disaster recovery and emergency operating procedures are in place and tested on a regular basis and aligned with cyber incident protocols in conjunction with Technology operations  and first line of defense

Leadership Responsibility

• Drive coordination of strategic planning processes and ensure alignment with broader strategic objectives
• Act as a member of the TSARC Leadership Team and collaborate with his/her peers to achieve the  strategic plan
• Be a change champion, enhance organizational readiness, gain support and mobilize resources to achieve the business objective from change
• Be a trusted strategic advisor to the CX&T leadership team based on the functional responsibilities
• Provide leadership to ensure the ATB leadership understands the importance, relevance and involvement of the role’s area
• Exhibit exceptional leadership, business acumen, and professional behaviors in all interactions
• Participate in governing bodies, industry bodies,  and steering committees according to cadence as required
• Provide guidance to the Cyber Risk Management Committee and contribute to the IT Capital Approval Committee and Architecture Design Decision and Review Board(s)

Financial / Budgetary Responsibility

• Develop, administer and adhere to the budget allocated for the role’s span of control
• Oversee the execution of multiple concurrent initiatives annually covering all aspects of the role’s scope. 
• Provide guidance on security alignment to all CXT initiatives.
• Establish guidelines to understand and mitigate potential risks involved in the loss of intangibles (reputation) in conjunction with ERM and Finance

People Management

• Hire, develop and empower competent leaders and team members. Execute HR policies and procedures relevant to IT (recruit, hire, compensate, train, appraise, promote and dismiss)
• Serve as mentor for leaders and team members, provide support and guidance for staff development and identify and action succession plans
• Conduct performance evaluation of the team and provide effective coaching and mentoring
• Foster a team environment, recommend training programs targeting specific areas of improvement, mentor members of the IT team and provide inputs to performance reviews
• Share knowledge and develop staff capabilities to strengthen understanding of the relevant area and IT-Business alignment
• Develop and communicate organizational objectives; inspire and motivate team members to achieve results
• Build organizational talent by creating a learning environment that ensures employees realize their highest potential
• Actively work to streamline processes with the goal of speeding delivery to the client while balancing risk management objectives

Relationship Management

• Work in partnership with Business and CX&T senior leaders on strategic initiatives to continuously improve policies, standards and procedures by anticipating issues, providing advice and sharing knowledge and best practices
• Provide insights and guidance to the TSARC Head based on the functional responsibilities and accountabilities
• Partner across the CX&T and TSARC Senior Leadership team to align with internal and external client demands
• In collaboration with CX&T and TSARC senior leadership, ensure all delivered technology solutions are aligned with the organizational goals

Requirements

Accreditation

• Bachelor’s degree in an appropriate field (Information Security)
• 15+ years of proven experience and demonstrated success in technology leadership with emphasis on information security
• 5+ years of experience in information systems security at a senior leadership role
• Industry recognized IT security designation (CISSP, CRISC or CISM)
• Familiarity with cyber security, SOX, PCI and ISO 27001. Experience with policy compliance tools and control processes.
• Financial industry experience, and Technical background
• Relevant technical knowledge and experience with ITIL processes, Cloud platform technology (Google and Amazon Web Services Preferred) and IT operations
• Organizational agility, a positive and participative leadership style that earns the trust and support of all levels of senior management across the organization is highly valued.
• A strategically oriented individual with superior communication and interpersonal skills and a willingness to roll-up his/her sleeves to achieve agreed upon outcomes.
• Well versed in partnership-oriented delivery models.

Core Skills

Skills required for optimal performance, for example:

• Able to lead a large team of technology experts and vendor partners.
• Is an exceptional communicator with demonstrated ability to build relationships with senior leadership
• Able to develop and communicate the organizational vision, and inspire and motivate across a diverse set of stakeholders
• Ability to present information in a variety of different formats and influences all levels of the organization, including senior leaders.
• Proven ability to work with competing resources, budget limitations, and strong conflict management skills
• Strong business acumen including financial management as well as managing resources to drive stated value-driven results;

Additional Information

• Reports to the Head of Technology Strategy Architecture Risk and Cybersecurity (TSARC)
• Member of TSARC Senior Leadership Team

At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.

Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.

Online applications are preferred. Please let us know if you require any accommodations.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.