Security Compliance Analyst

Alberta, Canada - Remote

ATB Financial

Big life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.


Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ5015

Location: Anywhere in Alberta, preference for Edmonton or Calgary #LI_Remote

Apply by: Monday, November 6, 2022

Paygrade: K/L-OTH

System Title: Security Analyst 6/7

# Positions available: 1

Leader Name: Edmond Kwan

As ATB’s next Security Compliance Analyst, you will be responsible for assessing, mitigating, reporting, and preventing security risk. You will need to collaborate with other teams within the Cyber Security Group and also various Technology Operation and Architecture peers to address security related risks.

The successful candidate will be responsible for delivering a wide portfolio of internal and external services. We are looking for a candidate with knowledge and expertise in security practice and regulations in high-growth technology environments. Your experience with financial institutions in Governance, Risk and Compliance areas within Cyber Risk domains is critical to your success in this role.

In This Role, You Can Expect To

  • Provide expertise to support the PCI Compliance Program and the NIST and OSFI frameworks
  • Contribute to the journey of PCI compliance and assess the current state of gaps
  • Identify CDE (CardHolder Data Environment) and reduce PCI scope as necessary
  • Participate in PCI initiatives, for example data tokenization project to support PCI Compliance
  • Support daily vulnerability and patching management process to secure the technology platform
  • Grow the security, risk and compliance governance framework (including third parties) in line with business needs
  • Execute control testing and risk assessments
  • Coordinate the remediation of identified control deficiencies and the reporting of associated risk
  • Support internal audits and follow through on action items that mitigate risk
  • Act as technical writer to maintain the currency of our security policies and standards that align with business and industrial best practice
  • Work with concerned stakeholders to improve our metrics (KRIs/KPIs) and track the maturity and performance of compliance programs
  • Work with responsible teams to support our Vendor Security Assessment Program
  • Evaluate new and evolving security and compliance requirements

Requirements

Education

  • A bachelor’s degree or equivalent in science, computer science, cybersecurity, engineering or related field, or equivalent work experience. Academic qualification, professional training or experience in governance, risk and compliance areas is also desirable.

Experience

  • Five or more years in Cybersecurity or Risk Management with proven experience in Vulnerability Management and Patch Management
  • Solid experience with PCI Compliance Programs in financial institutions
  • Demonstrated depth of technical knowledge in technology solutions, as well as a deep understanding of security compliance and related cybersecurity risk within the financial services industry.
  • Cloud security and governance experience required. Google Cloud Platform (GCP) experience preferred.
  • Experience in developing, maintaining and reporting security metrics (KRI/KPI) that align with organization’s risk appetite and risk statements
  • Strategy and management consulting experience an advantage.

Knowledge/Skills

  • Hold one or more industry security certifications like CISSP, CISA, CISM, PCI ISA, ISO 27001
  • Strong technical knowledge on security scanning tools like Qualys and Veracode
  • Passion for Cybersecurity and continually learning new attack vectors, new threats, and security framework expertise.
  • Familiarity with the Payment Card Industry Data Security Standard (PCI-DSS) and NIST Framework
  • Knowledge or experience dealing with regulators like FINTRAC, OSFI, SWIFT and INTERAC addressing security based risks, standards, processes and regulatory compliance requirements.
  • Sound knowledge in multiple competency areas of security platform and program delivery. Some examples are: Security Operations Center (SOC), SIEM integration, security incident response teams, Cloud Security Governance and principles, Data Loss Prevention (DLP) implementation, Data Security and Privacy Compliance, firewall and VPN platforms, endpoint protection, Identity and Access Management (IAM), Vulnerability Management platforms, Patch Management process, and code scanning tooling.
  • Demonstrated knowledge of the following: cybersecurity risk and control assessment, penetration testing, security methodologies and practices in a complex organizational environment.
  • Strong interpersonal skills with an impressive history of forging strong relationships with multiple stakeholders and relating well to people of all backgrounds and at all levels.
  • Excellent business acumen and interpersonal skills; able to work across business lines at a senior level to influence and effect change to achieve common goals.
  • Willingness to learn about different protocols and technologies
  • Experience writing and editing technical documentation such as security standards, policies and procedures

At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.

Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.

Online applications are preferred. Please let us know if you require any accommodations.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.

Tags: Audits CISA CISM CISSP Cloud Compliance Computer Science Firewalls GCP Governance IAM Incident response Industrial ISO 27001 KPIs NIST Pentesting Privacy Qualys Risk assessment Risk management Security assessment SIEM SOC Strategy Veracode VPN Vulnerability management

Perks/benefits: Career development Startup environment Wellness

Regions: Remote/Anywhere North America
Country: Canada