Managing Director, Security Operations and Threat Assurance

Calgary, Alberta, Canada

ATB Financial

Big life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.

View company page

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ4224
Location: Calgary, AB
Apply by: June 28th, 2022
Paygrade: O-OTH
# Positions available: 1
Leader Name: CISO

The Managing Director, Security Operations and Threat Assurance significantly contributes to setting ATB’s Cybersecurity Strategy and direction to inspire and drive continuous improvement of operational security controls, as well as proactive threat intelligence and assessment to evaluate and protect against current and future cybersecurity threats throughout the enterprise. The role will have to stand up and manage a mixed team of staff and vendor partners with a view to ATB retaining strong control over direction and execution of work, while getting great efficiency and value as well as interacting with ATB businesses to coordinate work and ensure their needs are met.

As ATB's next Managing Director, Security Operations and Threat Assurance, you will be a senior leader who bears responsibility on behalf of the organization to lead teams responsible for the operations of critical cybersecurity controls, and technical assessment and assurance of cybersecurity risks in products and technical solutions. The position will also drive thought leadership for Cyber Security Operational and Threat Hunting accountabilities on behalf of the CISO organization. The associated accountabilities include:

  • Oversee critical cybersecurity areas including Security Operations, Security incident response, Data Loss Prevention, Security monitoring and threat intelligence, Security Assurance validation, and Security Champions programs.
  • Focus on the technical design and delivery of preventive and detective controls adhering to Cyber Security policies and processes to secure ATB systems and data against cybersecurity threats. Contribute to and implement security controls and practices that align with security architecture principles & technical standards.
  • Lead the Security Operations team to implement, operate, and monitor security controls aligned to our security strategy with a strong focus on scalable and automatable cloud based security controls. Monitor and continuously improve SIEM operations.
  • Lead the Security Assurance and Threat Intelligence team to drive high quality, objective technical assessments and remediations of current and future cybersecurity threats to critical systems and applications and advise team on prioritized remediations.
  • Plan, Prepare and Execute validation activities to ensure new projects and operational systems adhere to Information Security policies and processes with a focus on reporting, tracking, communication and coaching to resolve identified issues.
  • Mentor, coach and lead other team members that fall under the direct accountability of the role.
  • Prepare and track all fiscal budgetary accountabilities that fall under the direct accountability of the role.
  • Represent CISO in select Steering Committees, RFP Creation and evaluation teams and Working committees in this domain.

Primary Responsibilities

  • Drive a leading security assurance and threat intelligence team focused on continuous improvement and red team challenge techniques
  • Deliver operational security controls complying with agreed operating level agreements for timeliness and responsiveness while continuing to focus on reducing cybersecurity risk in alignment to the NIST cybersecurity framework. Define cybersecurity operational controls and practices, lead the creation (and assure the ongoing relevance) of the firm’s security operations and threat intelligence roadmap in collaboration with various technical and business stakeholders as well as architecture.
  • Accommodate sometimes conflicting requirements and constraints from diverse stakeholders, such as line-of-business users, peers, Network and Security architects, analysts, and administrators. Collaborate with technical colleagues, client experience team members, and business stakeholders on self-service frameworks to embed security focused solutions and security driven culture. Analyze, shape and prioritize stakeholder requirements to ensure they are implemented within initiative, functional, non-functional and environmental requirements and constraints. Ensure roadmaps are implemented in both Security Operations platforms, and Security assurance platforms. Identify value opportunities for ATB and ATB clients; shapes agenda and priorities in collaboration with clients.
  • Direct and assist as necessary, investigations into information security breaches while liaising with the Legal, Risk and Privacy teams as well as the involved teams and leaders ensuring root-causes of such breaches are understood and addressed.
  • Promote a strong cybersecurity culture across the organization through the evolution of the employee Security champions program. Promote a strong cybersecurity culture across the organization and develop Security teams that support a highly effective security focused mindset current with modern cloud security technologies
  • Represent CISO in a variety of governance forums such as Project Steering Committees, Architecture Review boards, Design and Decision boards, RFP creation and evaluation teams, Leadership Strategy teams, vendor oversight teams to ensure the needs and objectives of the cybersecurity team are met & security requirements are translated into vernacular the teams’ understand and are able to adopt..
  • Collaboration:
    • Work closely with procurement teams to review and support contract and MSA negotiations as it relates to Security vendors and suppliers & follow the Technology Assessment Process (TAP) on any new software or services requirements.
    • Work with finance teams, program managers and CISO to ensure fiscal budgetary items are defined annually, tracked and managed appropriately.
    • Establish relationships with vendor partners to ensure strong delivery, innovation and ongoing improvement in receiving high value services.
    • Interact with ATB businesses along with TIE business partners to coordinate work and ensure their needs are met.
    • Work with CISO Leadership team to develop and manage a team of cybersecurity professionals and strategize on team structure on behalf of the Security Operations team and Cyber Security Assurance team.
    • Work closely with peers to align team efforts toward common strategy objectives.
    • Work with other Technology and Customer experience team members and TIE peers to increase understanding and adoption of effective Security processes and controls to ensure we are best able to protect the organizations and customers assets.
    • Ensure strong collaboration with Architecture teams in support of developing cybersecurity.

Management and Operational Accountabilities

The role has a moderate level of complexity. The individual will interact with other leaders within the AOE’s SSU’s, and TIE, as well as external service partners. The MD of Security Operations and Threat Assurance contributes to supporting ATB’s strategic direction to inspire and drive continuous improvement of operational security controls, as well as proactive threat intelligence and assessment to evaluate and protect against current and future cybersecurity threats throughout the enterprise.

  • The role will have to stand up and manage a mixed team of staff and vendor partners with a view to ATB retaining strong control over direction and execution of work, while gaining efficiency and value from vendor partners.
  • Develop, manage, allocate and govern the Security Operations and Threat Assurance teams to constantly improve the organization’s capacity to address cybersecurity threats, vulnerabilities and remediation efforts for all ATB environments - on premise and cloud.
  • Oversee Security Incident management monitoring and processes to support effective Security breach investigations and resolution.
  • Work with other CISO Leadership team members to establish baseline accountabilities, objectives and responsibilities on behalf of the CISO office.
  • Maintain an effective and objective separation of accountabilities in directing “Red Team” Threat Assurance activities and “Blue Team” Security Operations responsibilities.
  • Define job roles, recruit candidates, and then manage (directly or indirectly) a team of cybersecurity operations and security development and threat assurance professionals assigned to cross guild initiatives across ATB and risk initiatives within TIE.
  • Collaborate regularly with peers in Architecture to design and develop security controls, as well as peers across other technology and business groups.
  • Lead the development, publishing and maintenance of the organization’s security operations plan, as well as a roadmap for its future development, ensuring that it matches and supports business needs and risks and is in alignment with architecture direction.
  • Oversee the organization’s data loss prevention strategy and operations in collaboration with Data Governance.
  • Develop and communicate organizational objectives; inspire and motivate team members to achieve results.
  • Build organizational talent by creating a learning environment that ensures employees realize their highest potential.
  • Actively work to streamline processes with the goal of effective and scalable delivery to the customer while balancing enterprise cybersecurity risk management objectives.
  • Manage and steward budget for this team.

Requirements

Education

  • A bachelor’s or master’s degree in science, computer science, engineering or related field, or equivalent work experience. Academic qualification or professional training or experience in legal and regulatory areas are also desirable.

Experience

  • Fifteen or more years of IT experience in cybersecurity or risk management — recently at or near the director/managing director level.
  • Demonstrate significant depth of technical, business and financial expertise in technology solutions, as well as deep understanding of security operations, and related cybersecurity threat intelligence and red teaming within the financial services industry.
  • Financial services industry experience preferred. Broad business experience is desired.
  • Strong cloud security experience required along with cloud security control knowledge and experience. Google Cloud security experience preferred.
  • CISSP, OSCE, CISM or industry relevant certifications.
  • Experience in recruiting and developing leading cyber operations and/or threat intelligence teams with demonstrable results.
  • Five or more years of progressive leadership experience in leading cross-functional teams and enterprise wide programs, operating and influencing effectively across the organization.
  • Experience in integrating complex, cross-corporate processes and information strategies.
  • Strategy and management consulting experience desirable.

Knowledge/Skills

  • Excellent business acumen and interpersonal skills; able to work across business lines at a senior level to influence and effect change to achieve common goals.
  • Demonstrated leadership; proven track record of leading complex, multidisciplinary talent teams in new endeavors and delivering solutions.
  • Proven Computing and Security literacy — The ability to not only understand but the ability to describe business use cases/outcomes, management concepts, and analytical approaches/options to differing Peer groups. The ability to effectively translate IT and Security concepts to executives, business, and IT stakeholders.
  • Information security and risk strategy experience — Experience in strategic technology planning and execution, and policy development and maintenance.
  • Analytical skills — Outstanding analytical and problem-solving abilities.
  • Familiarity with business information generation and analysis methods. Demonstrates deep domain expertise in emerging developments in tech including hardware, software, and the architectural domains of predictive analytics, natural language conversation, vision and intelligent automation.
  • Ability to effectively drive business, culture and technology change in a dynamic and complex operating environment. Proven ability to deliver results and drive change in the organization.
  • Excellent oral and written communication skills, including the ability to explain cybersecurity concepts and technologies to business leaders, and business concepts to technologists. The candidate should be able to “sell” ideas and processes internally at all levels, including the senior executives. Experience in presentation of cyber security topics to a variety of audiences from senior executives to front line staff.
  • Proven record of effective leadership, including the ability to balance team and individual responsibilities, build teams and consensus, get things done through others not directly under his/her supervision, and work ethically and with integrity.
  • Demonstrated knowledge of Banking/Fintech business processes as it relates to defining and addressing security based risks, standards, processes and regulatory compliance requirements.
  • Demonstrated knowledge of the following: cybersecurity threat intelligence, penetration testing and offensive security methodologies and practices in a complex organizational environment. Possess deep technical expertise in cybersecurity operations and penetration testing methodologies, with the ability to apply acumen to ATB’s baseline current state landscape and to inform and shape target state operating models, vulnerability management programs, threat intelligence gathering, and architectural design.
  • Broad experience desired, but not essential, in multiple competency areas of security platform and program delivery. Some examples are: Security Operations Center (SOC), SIEM integration, Security incident response teams, Cloud Security architecture and principles, data Loss prevention (DLP) implementation, data security and privacy, fIrewall and VPN platforms, end-point protection, vulnerability management platforms, and code scanning tooling.
  • Sought after for cybersecurity expertise or capabilities. Seen as a valuable resource to senior leaders. Can perform skills on any project, tackle complex issues on the topic, teach others, and write articles.

At ATB, we know that highly talented people can readily transfer their skills. If you believe your skills and experience are transferable, please consider putting your name in the running.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

All ATB Financial team members are required to disclose their vaccination status and provide proof of vaccination as a condition of employment to help support client and team member safety.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.

Tags: Analytics Automation Banking Blue team CISM CISSP Cloud Compliance Computer Science Finance FinTech Firewalls GCP Governance Incident response Monitoring NIST Offensive security OSCE Pentesting Privacy Red team Risk management Security strategy SIEM Strategy Threat intelligence VPN Vulnerabilities Vulnerability management

Perks/benefits: Career development Startup environment Team events Wellness

Region: North America
Country: Canada
Job stats:  6  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.