Director of Cyber Security and Security Assurance
Calgary, Alberta, Canada - Remote
ATB FinancialBig life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.
Our bottom line is different.
There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.
Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.
Job Number: REQ4827
Location: Anywhere in Canada, preference for Alberta #LI-Remote
Apply by: Sunday, October 9, 2022
System Title: Director, Cybersecurity and Security Assurance
# Positions available: 1
Leader Name: Wade Fasek
As ATB’s next Director of Cyber Security and Security Assurance, you will be part of the leadership team for the office of the CISO. You will be responsible for implementation and maintenance of ATB’s cybersecurity posture, validating protections in place, and looking forward for emerging threats. This is achieved through leading a talented team of Security Analysts as well as direct support for ATB’s CISO.
The purpose of this position is to deliver and manage a team to:
- Focus on the delivery of Cyber Security policies and processes to secure ATB systems and data against threats
- Plan, Prepare and Execute validation activities to ensure new projects and operational systems technically adhere to Information Security policies and processes with a focus on reporting, tracking and closing identified issues.
- Assess and Deliver vulnerability and penetration test efforts on projects and operational systems at ATB
- Research, Analyze and Deliver reports on emerging threats and future cyber risks
You will find success in your ability to:
- Provide leadership, coaching and direction to a team of security professionals in the delivery of security services that have organizational wide impacts.
- Continuously review processes and practices to meet objectives in a fast paced environment.
- Participate and provide leadership in the Security Response Team for all Cybersecurity incidents
- Lead Red Team testing of systems with comprehensive reports of findings and remediation guidance for business stakeholders
- Proactively anticipate and model threats and threat actor scenarios
- Develop strategic guidance for business stakeholders on emerging cyber threats
- Developing and maintaining the access control rules for systems, databases, networks and application; providing controlled access in accordance with owner-defined information access requirements
- Actively participate in the application development/acquisition process to ensure security requirements are considered at all phases of application development/acquisition process - from definition of user requirements, through application design, construction/purchase, testing, production use of the system, and application retirement
- Ensuring communication of expectations and verification of delivery of services.
As the Ideal Candidate, you possess:
- Leadership – History of leading teams of security or IT staff members and/or Managed service contracts.
- Strong management and administration skills, with a demonstrated ability to lead change and solve problems.
- Excellent communication and relationship-building skills, with a demonstrated ability to work effectively within both the business and technical arenas.
- Well-developed analytical skills accompanied by proven decision-making experience.
- Demonstrated aptitude for continuous learning and innovative thinking.
- Excellent verbal and written communication skills, including polished presentation skills with the ability to deliver technical issues to both technical and non-technical audiences in a clear and understandable manner.
- Strong leadership skills with the ability to lead assignments/teams and mentor others.
- System Administration – experience as sysadmin for Unix or Unix+Windows in large environments, including familiarity with local/OS/software firewalls including Windows Firewall, iptables, IPF, PF, or similar.
- Familiar with all aspects of operating system and application logging, including centralized logging, Syslog, web logs, process auditing, and file integrity monitoring.
- DBA – Familiar with two of: Oracle, MySQL, MS SQL Server, PostgreSQL, SAP, DB2 in the context of transaction/audit logs, end-to-end security between servers as well as Clients & Servers, DB & Table Access Permissions, DRP (backups/restores/redundancy), SQL injection, query performance tuning.
- Networking – Familiar with OSI Layer 3-7, cloud services VPCs, VLANS, private VLANS, secure VLANS, trunking, switching, routing, firewalls, reject/deny vs. drop, reverse tunnels, and solicited vs. unsolicited ingress & egress.
- Penetration Testing – Familiar with PCI compliance, WebApp Pentesting, network scanning vs. agent based vulnerability management, policy compliance, ddos resiliency testing, and all modern tools involved in service exploitation
- Vulnerability Management - Knowledge and experience in developing and implementing Vulnerability Management programs, initiatives, and capabilities.
- Threat Intelligence - Experience building threat intelligence programs. Understanding of threat landscape and security intelligence in both the government and commercial space.
- Experience with threat research, threat modeling, and information security threat assessments.
- Ability to lead cybersecurity investigations and inspections to assess risk-validate incidents, breaches.
- Experience hunting threat actors in large enterprise networks.
- Security Testing – Experience in managing Information Security Testing programs, including red team, penetration and vulnerability testing.
- Ability to build a red team and lead activities, manage vulnerability assessments, perform intrusion testing, vulnerability assessments and security scans to ensure efficiency of implemented controls and identify new gaps.
- Third Party Security Assessment Program – Experience implementing and operating an effective program to continually assess third party relationships for the appropriateness of their security controls.
- Expert knowledge of cyber security trends, technologies, and their applicability to the financial industry. Experience with security frameworks such as PCI DSS, ISO 27001/27002, CIS Critical Security Controls, NIST Framework for Improving Critical Infrastructure Security
Designations and Prerequisites:
- A minimum of 7 years of managerial experience in information security
- Masters level education in a related field is required
- Professional designation: CISSP, CISA, CISM, OSCP or OSCE Certification – desired but not required
- Experience in information security in a regulated Financial industry strongly preferred.
- Previous IT development and implementation experience.
At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.
Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.
Online applications are preferred. Please let us know if you require any accommodations.
Be great. Be you. Believe.
We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.
What happens next?
Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.
Stay in touch!
Other jobs like this
Explore more Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Senior Security Operations Engineer jobs
- Open Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Head of Information Security jobs
- Open Security Consultant jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Senior Penetration Tester jobs
- Open SOC Analyst jobs
- Open Lead Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Senior Security Analyst jobs
- Open Application Security Engineer/Architect jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Product Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Network Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Network security-related jobs
- Open Clearance-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open Threat intelligence-related jobs
- Open Java-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open CISA-related jobs
- Open CISM-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open SQL-related jobs
- Open DevSecOps-related jobs
- Open Security assessment-related jobs
- Open Splunk-related jobs
- Open PowerShell-related jobs
- Open OWASP-related jobs