Chief Information Security Officer (CISO) - Edmonton

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ5628

Location: Anywhere in Alberta, preference for Calgary or Edmonton

Apply by: Thursday, February 16, 2023

Paygrade: P-OTH

System Title: Leader 11, CISO

# Positions available: 1

Leader Name: Innes Holman, SVP, TSARC

As ATB’s next Chief Information Security Officer (CISO), you will be responsible for advancing the Cybersecurity program while contributing to the advancement of leading edge security technology across the organization. Confidentiality, integrity, and availability of ATB's information assets is of paramount importance to both ATB and our clients/stakeholders who place their trust in us. You will identify, evaluate and recommend effective solutions in alignment with risks; create awareness of cyber security best practices and guidelines across ATB and ensure that these practices are followed and maintained. An understanding of our future focused strategy will be essential.

As a senior leader of the Technology, Security, Architecture, Risk and Cybersecurity (TSCARC) team, you will set and align the vision and direction to inspire and drive continuous improvement by demonstrating a significant depth of technical and security expertise in cyber technology solutions complemented by a deep understanding of client experience impacts and financial services business operations.

Key Responsibilities:

• Providing guidance and leadership with developing, maintaining and updating and operationalizing the information security strategy and roadmap in alignment with ATB’s 2030 strategy. Leading and collaborating across IT domains to implement & maintain security roadmap components.
• Oversee execution of multiple concurrent initiatives annually covering all aspects of the role’s scope. Provide guidance on security alignment to all technology initiatives
• Guide and contribute to the development and refresh of an information security framework, along with the underlying standards, processes and procedures.
• Remaining current with IT Security trends and best practices to ensure the organization’s IT Security strategy is fit for ATB and contemplates readiness for future threats. Evaluating and recommending new information security technologies and counter-measures against threats to information or privacy
• Developing and sustaining alliances with appropriate industry associations to benchmark best practices
• Managing security tooling and use within the organization with a goal of least privilege, cost optimization and simplification. Leveraging technologies to provide layered defense from threat actors (defense in depth). Ensure that disaster recovery and emergency operating procedures for security tooling are in place, tested and improved upon on a regular basis.
• Defining the IT Security requirements for IT projects and IT operations, ensuring alignment to industry best practices in a multimodal enterprise that includes heritage and cloud native systems as well as innovation focused teams. Working with colleagues to design in security at the outset of initiatives.
• Defining policies, standards and guidelines for access management (client and team member) & simplifying access management processes and tools for clients and employees to optimize both security and client experience including privileged access management
• Guide and oversee the formalization and implementation of an application security program within ATB
• Defining processes and recovery protocols for cyber incident preparedness; responding and rehearsing the same and institutionalizing improvements.
• Provide leadership and oversight for the design and implementation of all security incident and vulnerability management processes.
• Providing guidance and assistance to Client Experience and Technology Senior Management and other areas within the organization with regard to addressing IT Security issues
• Assess & approve exceptions with a risk based lens. Collaborate and partner with key stakeholders to determine acceptable levels of risk in compliance with regulatory & security requirements.
• Providing support for regulatory requirements and IT-cyber related audits, as well as coordination of investigations and audit of information security breaches
• Partnering with the fraud team to provide tooling to enable required capabilities & to realize the value of a “Fusion Center” with diverse skills collaborating to protect information assets
• Identifying and rectifying vulnerabilities across all IT domains in a timely manner. This includes monitoring regular patching routines aligned to highest risk items as well as ad hoc patching where needed.
• Implementing and operationalizing solutions to identify and evaluate the health of all of ATB’s technology assets - hardware, operating systems, software, services and data as well as appropriate processes and procedures to test cybersecurity safeguards from unauthorized users both internally and externally on a regular basis
• Undertake periodic security reviews and audits, as required, engaging both internal business partners throughout the organization as well as external resources. Provide a living gap assessment to better manage priorities in lowering risk. Establish guidelines to understand and mitigate potential risks involved in the loss of intangibles (reputation).
• Contribute to the Cyber Risk Management Operating Committee, administer and adhere to the budget allocated for the role’s span of control.

Requirements

• The successful candidate will bring a minimum of 15 years of proven experience and demonstrable success in technology leadership with increasing responsibility. Emphasis on information security, infrastructure services including cloud, portfolio management and business systems.
• 5+ years of experience in information systems security at a senior leadership role.
• Industry recognized IT security designation (CISSP, CRISC or CISM).
• Familiarity with cyber security, SOX, PCI and ISO 27001. Experience with policy compliance tools and control processes.
• Financial industry experience, and Technical background in the financial industry
• Relevant technical knowledge and experience with ITIL processes, Cloud platform technology and IT operations
• A positive and participative leadership style that earns the trust and support of all levels of senior management across the organization is highly valued.
• A strategically oriented individual with superior communication and interpersonal skills and a willingness to roll-up his/her sleeves to achieve agreed upon outcomes.
• Well versed in partnership-oriented matrixed delivery models.

At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.

Interested? If you know one of our team members, BEFORE applying, reach out to them and ask them for a referral link to help your application stand out.

Online applications are preferred. Please let us know if you require any accommodations.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.