Director, Application Security - Vancouver

Vancouver, British Columbia, Canada

ATB Financial

Big life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ4567
Location: Remote
Apply by: August 24th, 2022
Paygrade: N-OTH
Number of positions available: 1
Leader: SVP and CISO

As ATB’s next Director of Application Security, you will be a leader responsible, on behalf of the organization, for leading the teams that design and operate critical cybersecurity controls and strategy to protect ATB’s applications, which include SAP and a suite of other SaaS and internal applications that are integral to ATB’s operations. The position will also drive thought leadership for application cybersecurity controls on behalf of the CISO organization through effective collaboration with peers within the team and with ATB lines of business.

Accountabilities:

  • The oversight of Application Security control design, operations and strategy.
  • Focus on the technical design and delivery of preventive and detective controls adhering to Cyber Security policies and processes to secure ATB’s applications and data against cybersecurity threats. Contribute to and implement application security controls and practices that align with security architecture principles & technical standards.
  • Lead the Application Security team to design, implement, operate, and monitor application security controls aligned to our security strategy with a strong focus on scalable and automatable cloud based security controls. Monitor and continuously improve application security operations.
  • Oversee the inventory of SaaS applications requiring security control operations, and partner with existing application owners to ensure security requirements for applications are understood, along with accountabilities.
  • Plan, prepare and execute validation activities to ensure new projects and operational systems adhere to Information Security policies and processes with a focus on reporting, tracking, communication and coaching to resolve identified issues.
  • Mentor, coach and lead other team members that fall under the direct accountability of the role.
  • Prepare and track all fiscal budgetary accountabilities that fall under the direct accountability of the role.
  • Represent CISO in select Steering Committees, RFP Creation and evaluation teams and Working committees in this domain.

Primary Responsibilities

  • Drive a leading application security team focused on continuous improvement and proactive security controls.
  • Support a strategic patching strategy in conjunction with technology and business teams for ATB’s SAP environment.
  • Deliver operational security controls complying with agreed operating level agreements for timeliness and responsiveness and maintenance strategies while continuing to focus on reducing cybersecurity risk in alignment to the NIST cybersecurity framework and meeting existing compliance requirements such as ICOFR controls.
  • Define cybersecurity operational controls and practices, lead the creation (and assure the ongoing relevance) of ATB’s application security roadmap in collaboration with various technical and business stakeholders as well as architecture. Collaborate with Identity and Access Management teams and Access Governance to ensure that Least Privileged Access models are in place for application access.
  • Accommodate sometimes conflicting requirements and constraints from diverse stakeholders, such as application owners, line-of-business users, peers, security architects, and administrators. Collaborate with technical colleagues, client experience team members, and business stakeholders where. Analyze, shape and prioritize stakeholder requirements to ensure they are implemented within initiative, functional, non-functional and environmental requirements and constraints.
  • Identify value opportunities for ATB and ATB clients; shape the agenda and priorities in collaboration with clients.
  • Represent CISO in a variety of governance forums such as Project Steering Committees, Architecture Review boards, Design and Decision boards, RFP creation and evaluation teams, Leadership Strategy teams, and vendor oversight teams to ensure the needs and objectives of the organization’s cybersecurity strategy & security requirements are met.

Collaboration

  • Work closely with procurement teams to review and support contract and MSA negotiations as they relate to new SaaS being investigated by the organization, security vendors and suppliers & follow the Technology Assessment Process (TAP) on any new software or services requirements. Ensure that application security models are designed in conjunction with new application assessments.
  • Work with finance teams, program managers and CISO to ensure fiscal budgetary items are defined annually, tracked and managed appropriately.
  • Establish relationships with vendor partners to ensure strong delivery, innovation and ongoing improvement in receiving high value services.
  • Interact with ATB businesses along with technology business partners to coordinate work and ensure their needs are met.
  • Work with CISO Leadership team to develop and manage a team of application security professionals and strategize on team structure to achieve organization security objectives.
  • Work closely with peers to align team efforts toward common strategy objectives.
  • Work with other Technology and Customer experience team members and peers to increase understanding and adoption of effective Application Security processes and controls to ensure we are best able to protect the organization’s and customer assets.
  • Ensure strong collaboration with Architecture, Customer Experience, and Technology teams in support of developing application security roadmaps for supporting organizational application timelines.

Management and Operational Accountabilities

  • Stand up and manage a mixed team of staff and vendor partners with a view to ATB retaining strong control over direction and execution of work, while gaining efficiency and value from vendor partners.
  • Develop, manage, and govern the Application Security team to constantly improve the organization’s capacity to address cybersecurity threats, vulnerabilities and remediation efforts for key applications - on premise and cloud.
  • Work with other CISO Leadership team members to establish baseline application security accountabilities, objectives, key metrics and responsibilities on behalf of the CISO office.
  • Define job roles, recruit candidates, and then manage (directly or indirectly) a team of application security professionals assigned to cross guild initiatives across ATB and risk initiatives within our Technology organization.
  • Collaborate regularly with peers in Architecture to design and develop application security controls and security roadmaps, as well as peers across other technology and business groups.
  • Lead the development, publishing and maintenance of the organization’s application security plan, as well as a roadmap for its future development, ensuring that it matches and supports business needs and risks and is in alignment with security best practices.
  • Collaborate with peers in Data and AI, Engineering and Cybersecurity to support the organization’s data loss prevention strategy and operations within key applications.
  • Develop and communicate organizational objectives; inspire and motivate team members to achieve results.
  • Build organizational talent by creating a learning environment that ensures employees realize their highest potential.
  • Actively work to streamline processes with the goal of effective and scalable delivery to the customer while balancing enterprise cybersecurity risk management objectives.
  • Manage and steward the budget for this team.

Requirements

  • A bachelor’s or master’s degree in science, computer science, engineering or related field, or equivalent work experience. Academic qualification or professional training or experience in legal and regulatory areas are also desirable.
  • Seven or more years of IT experience in cybersecurity application security or application development — recently at or near the director level.
  • Demonstrate significant depth of technical, business and financial expertise in technology application security solutions, as well as deep understanding of application security operations and design, within the financial services industry.
  • Financial services industry experience preferred. Broad business experience is desired.
  • Strong cloud and SaaS application security experience required along with cloud security control design knowledge and experience. Google Cloud and Salesforce security experience preferred.
  • CISSP, OSCE, CISM or industry relevant certifications are highly desirable.
  • Experience in recruiting, developing and leading application security teams with demonstrable results.
  • Five or more years of progressive leadership experience in leading cross-functional teams and enterprise wide programs, operating and influencing effectively across the organization.
  • Experience in integrating complex, cross-corporate processes and information strategies.
  • Strategy and management consulting experience desirable.
  • Excellent business acumen and interpersonal skills; able to work across business lines at a senior level to influence and effect change to achieve common goals.
  • Demonstrated leadership; proven track record of leading complex, multidisciplinary talent teams in new endeavors and delivering solutions.
  • Proven computing and security literacy — The ability not only to understand but also to describe business use cases/outcomes, management concepts, and analytical approaches/options to differing peer groups. The ability to effectively translate IT and security concepts to executives, business, and IT stakeholders.
  • Information security and risk strategy experience — Experience in strategic technology planning and execution, and policy development and maintenance.
  • Analytical skills — Outstanding analytical and problem-solving abilities.
  • Familiarity with business information generation and analysis methods. Demonstrates deep domain expertise in emerging developments in tech including hardware, software, and the architectural domains of predictive analytics, natural language conversation, vision and intelligent automation.
  • Ability to effectively drive business, culture and technology change in a dynamic and complex operating environment. Proven ability to deliver results and drive change in the organization.
  • Excellent oral and written communication skills, including the ability to explain cybersecurity concepts and technologies to business leaders, and business concepts to technologists. You should be able to “sell” ideas and processes internally at all levels, including the senior executives. Experience in presentation of cyber security topics to a variety of audiences from senior executives to front line staff.
  • Proven record of effective leadership, including the ability to balance team and individual responsibilities, build teams and consensus, get things done through others not directly under his/her supervision, and work ethically and with integrity.
  • Demonstrated knowledge of Banking/Fintech business processes as they relate to defining and addressing security-based risks, standards, processes and regulatory compliance requirements.
  • Advanced knowledge of SAP and SaaS security control model design and operation.
  • Demonstrated knowledge of the following: application development and security methodologies and practices in a complex organizational environment. Possess deep technical expertise in application security, with the ability to apply acumen to ATB’s baseline current state landscape and to inform and shape target state operating models, and architectural design.
  • Broad experience desired, but not essential, in multiple competency areas of application security platform and program delivery. Some examples are: SAP, Salesforce, Google, Box, API integration, and code scanning tooling.
  • Sought after for cybersecurity application security design expertise or capabilities. Seen as a valuable resource to senior leaders. Can provide application security design advice and best practice perspective on any project, tackle complex issues on the topic, teach others, and write articles.

At ATB, we know that highly talented people can readily transfer their skills. If you believe your skills and experience are transferable, please consider putting your name in the running.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.

Tags: Analytics APIs Application security Automation Banking CISM CISSP Cloud Compliance Computer Science Finance FinTech GCP Governance IAM NIST OSCE Risk management SaaS SAP Security strategy Strategy Vulnerabilities

Perks/benefits: Career development Startup environment Team events Wellness

Region: North America
Country: Canada