Our bottom line is different.
There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.
Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.
Job Number: REQ4827
Location: Anywhere in Canada, preference for Alberta
Apply by: Sunday, October 9, 2022
System Title: Director, Cybersecurity and Security Assurance
Number of positions available: 1
Leader Name: Wade Fasek
As ATB’s next Director of Cyber Security and Security Assurance, you will be part of the leadership team for the office of the CISO. You will be responsible for implementation and maintenance of ATB’s cybersecurity posture, validating protections in place, and looking forward for emerging threats. This is achieved through leading a talented team of Security Analysts as well as direct support for ATB’s CISO.
The purpose of this position is to deliver and manage a team to:
- Focus on the delivery of Cyber Security policies and processes to secure ATB systems and data against threats
- Plan, Prepare and Execute validation activities to ensure new projects and operational systems technically adhere to Information Security policies and processes with a focus on reporting, tracking and closing identified issues.
- Assess and Deliver vulnerability and penetration test efforts on projects and operational systems at ATB
- Research, Analyze and Deliver reports on emerging threats and future cyber risks
You will find success in your ability to:
- Provide leadership, coaching and direction to a team of security professionals in the delivery of security services that have organization-wide impacts.
- Continuously review processes and practices to meet objectives in a fast-paced environment.
- Participate and provide leadership in the Security Response Team for all Cybersecurity incidents
- Lead Red Team testing of systems with comprehensive reports of findings and remediation guidance for business stakeholders
- Proactively anticipate and model threats and threat actor scenarios
- Develop strategic guidance for business stakeholders on emerging cyber threats
- Develop and maintain the access control rules for systems, databases, networks and applications; provide controlled access in accordance with owner-defined information access requirements
- Actively participate in the application development/acquisition process to ensure security requirements are considered at all phases of the process - from definition of user requirements, through application design, construction/purchase, testing, production use of the system, and application retirement
- Ensure communication of expectations and verification of delivery of services.
As the Ideal Candidate, you possess:
- Leadership – History of leading teams of security or IT staff members and/or Managed service contracts.
- Strong management and administration skills, with a demonstrated ability to lead change and solve problems.
- Excellent communication and relationship-building skills, with a demonstrated ability to work effectively within both the business and technical arenas.
- Well-developed analytical skills accompanied by proven decision-making experience.
- Demonstrated aptitude for continuous learning and innovative thinking.
- Excellent verbal and written communication skills, including polished presentation skills with the ability to deliver technical issues to both technical and non-technical audiences in a clear and understandable manner.
- Strong leadership skills with the ability to lead assignments/teams and mentor others.
- System Administration – experience as sysadmin for Unix or Unix+Windows in large environments, including familiarity with local/OS/software firewalls including Windows Firewall, iptables, IPF, PF, or similar.
- Familiar with all aspects of operating system and application logging, including centralized logging, Syslog, web logs, process auditing, and file integrity monitoring.
- DBA – Familiar with two of: Oracle, MySQL, MS SQL Server, PostgreSQL, SAP, DB2 in the context of transaction/audit logs, end-to-end security between servers as well as Clients & Servers, DB & Table Access Permissions, DRP (backups/restores/redundancy), SQL injection, query performance tuning.
- Networking – Familiar with OSI Layer 3-7, cloud services VPCs, VLANs, private VLANs, secure VLANs, trunking, switching, routing, firewalls, reject/deny vs. drop, reverse tunnels, and solicited vs. unsolicited ingress & egress.
- Penetration Testing – Familiar with PCI compliance, WebApp Pentesting, network scanning vs. agent-based vulnerability management, policy compliance, DDoS resiliency testing, and all modern tools involved in service exploitation.
- Vulnerability Management - Knowledge and experience in developing and implementing Vulnerability Management programs, initiatives, and capabilities.
- Threat Intelligence - Experience building threat intelligence programs. Understanding of threat landscape and security intelligence in both the government and commercial space.
- Experience with threat research, threat modeling, and information security threat assessments.
- Ability to lead cybersecurity investigations and inspections to assess risk and validate incidents and breaches.
- Experience hunting threat actors in large enterprise networks.
- Security Testing – Experience in managing Information Security Testing programs, including red team, penetration and vulnerability testing.
- Ability to build a red team and lead activities, manage vulnerability assessments, perform intrusion testing, vulnerability assessments and security scans to ensure efficiency of implemented controls and identify new gaps.
- Third Party Security Assessment Program – Experience implementing and operating an effective program to continually assess third party relationships for the appropriateness of their security controls.
- Expert knowledge of cyber security trends, technologies, and their applicability to the financial industry. Experience with security frameworks such as PCI DSS, ISO 27001/27002, CIS Critical Security Controls, NIST Framework for Improving Critical Infrastructure Security
Designations and Prerequisites:
- A minimum of 7 years of managerial experience in information security
- Master's-level education in a related field is required
- Professional designation: CISSP, CISA, CISM, OSCP or OSCE Certification – desired but not required
- Experience in information security in a regulated financial industry strongly preferred.
- Previous IT development and implementation experience.
At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.
Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.
Online applications are preferred. Please let us know if you require any accommodations.
Be great. Be you. Believe.
We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.
What happens next?
Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.
Stay in touch!
ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.