VSAG Security Analyst

Edmonton, Alberta, Canada

ATB Financial

Big life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.


Listening to Albertans. Going deeper to understand who they are and where they’re going. Translating the complex world of banking and investing into brilliantly simple solutions. Through all this, we believe we can create happiness. This is the ATB way.

Job Number: REQ1496

Location: Anywhere in Alberta

Apply by: Sunday March 7th 2021

Paygrade: J-OTH

# Positions available: 1

Leader Name: Troy Long

The Security Analyst is a complex role within the Vendor Security and Access Management (VSAG) team that acts within 2 distinct areas of the office of the Chief Information Security Officer (CISO). The VSAG Analyst will be the single point of contact for security role activities as well as the initial point of contact for the Vendor Security Assessment Program (VSAP). The VSAG Analyst will be responsible to manage and organize all things Security Role, Workflow Attribute, and Vendor Security Assessments related by ensuring policy, governance and procedures are adhered to.

The VSAG Security Analyst will be responsible to lead and facilitate the following:

  • Review vendor security assessments to ensure the vendor is operating within ATB’s cyber security appetite
  • Manage ATB suppliers as they move through the stages of the VSAP program, from intake to renewal, including assessment, communication, and reporting
  • Perform analysis on vendor data to determine cyber security trends and areas that may be of concern to ATB
  • Act as a cyber risk liaison between CISO and ATB’s risk program
  • Provide expertise around 3rd party supplier cyber security trends and assessments of cyber risk
  • Work on continually improving ATB’s VSAP program including future enhancements and capabilities.
  • Resolve business requirement issues and decisions around security roles and permissions with the SAP environment. This will include adding an existing t-code to an existing security role or assigning an existing security role to an SAP Position.
  • Resolve business requirement issues and decisions around security roles and permissions with Non SAP Applications.
  • Assign Workflow attributes, Wire Transits, Payment Engine nodes and PCO Worklist access – assigning workflow attributes to the appropriate SAP Positions within each Org Unit.
  • End to end process for the creation of New Security Roles. This will include collecting and analyzing Security requirements provided by their respective Line of Business. Review gathered requirements with IT Support Teams (i.e. BaS, PE, CRM) to ensure no security risks are present. The requirements will be submitted via SNOW and, once prioritized, submitted to IT Security to develop the role. The VSAG Analyst must ensure Segregation of Duties are not compromised during this process. Once the new security role is created, ensure the new security role is properly tested, deployed into production and assigned to the appropriate SAP Security Position numbers.
  • Ensure that whenever a change is initiated that clear SOD (Segregation of Duties) are adhered to, by using the current control mechanisms
  • Ensure that all documentation is complete and any necessary updates to supporting documentations/applications maintained are followed through, as a result of new security roles and/or changes to existing roles and workflows.
  • Ensure testing of any change is planned and executed and ultimately meets the business requirements.
  • The single point of contact for the business with respect to SAP Security Role change activities. Instrumental in organizing, managing and liaising with Subject Matter Experts within each LoB/SSU to compile and coordinate all activities related to SAP Security.
  • Coordinate monthly reporting, SoD reporting, quarterly role access audits and semi annual work flow attribute audits and any other access audits as required.
  • Providing support to the following end-to-end process activities:
  • Providing recommendations to improve the access management experience to bring efficiencies, effectiveness and agility
  • Be a valued partner to the Enterprise Process Ownership group to ensure alignment of risk and controls for SOD and providing end-to-end views to the organization for SOD
  • Support First Line Risk Manage in design or changes to processes for technical segregation of duties considerations.
  • Many many more exciting challenges will keep you engaged and the work new and fresh!

Requirements

The informal requirements (This is the important stuff!):

The VSAG analyst is part of a closely aligned team that is accountable for two very important programs at ATB:

A must for this role is to be customer obsessed given the principles of our team:

1. Access Governance

VSAG Principles - A principle is a proposition or value that is a guide for behavior or evaluation. In law, it is a rule that has to be or usually is to be followed, or can be desirably followed, or is an inevitable consequence of something.

1 - Timeliness

  • Access day 1
  • Accurate
  • Transparency
  • Reduced/limited exceptions (i.e. none)
  • Measured
  • Pro-activeness
  • No need for rush requests as the process ensures we move at pace

2 - Access required to do the job, no more, no less

  • Individual vs entity (group based continuum)

3 - Final accountability

  • Don’t pass the buck
  • Collaboration hub of decisions
  • First line of defense

The why:

Because customers matter and the experience on how we deliver that is our accountability.

2. Vendor Security Assessment Program

VSAP Principles - A principle is a proposition or value that is a guide for behavior or evaluation. In law, it is a rule that has to be or usually is to be followed, or can be desirably followed, or is an inevitable consequence of something.

1 - Timeliness

  • Vendor Security Assessments meet or exceed the customer expectation to move at the pace of business
  • Accurate
  • Transparency
  • Reduced/limited exceptions (i.e. none)
  • Measured
  • Proactiveness
  • No need for rush requests as the process ensures we move at pace

2 - Vendor is within ATB's cyber risk appetite of Low

  • Automated scoring decisions allow us to focus on vendors outside our tolerance levels

3 - Final accountability

  • Don’t pass the buck
  • Collaboration online portal for decisions
  • First line of defense

The why:

Because customers matter and the experience on how we deliver that is our accountability.

The stuff from the formal job description:

  • Relevant experience or graduate/undergraduate degree in business, management, information technology, access management etc.
  • 5 to 7 years’ progressive experience in the financial sector with a strong background in SoD concerns with respect to business and applications.
  • Broad knowledge or understanding of ATB’s business, structure and organization as well as knowledge in ATB’s policies, procedures and processes.
  • Understanding of SAP Security Roles/Workflow or technical or configuration overview of SAP
  • CISSP or equivalent would be an asset.
  • Strong communicator with the ability to understand, interpret and translate business requirements.
  • Strong analytical thinking skills with project and change management acumen.
  • Excellent facilitation and listening skills.

The Good Stuff (Here is why you want to be a part of our team):

  • 6 of the funnest people ever
  • We are all in this together and we support one another
  • Our division leader is swell
  • We can and do make a difference to our customers
  • We are diverse, inclusive, and will welcome your unique thoughts and opinions so that we can all grow together
  • Kevin, James, Lisa, Marie, and Ranti are all awesome so your awesomeness will fit right in
  • Technical innovation - If you have or want to have the ability to do cool technical stuff, having an understanding of development techniques, using different tools such as Google, GRC, ServiceNow, and new ones we haven't even discovered yet, then we want you!
  • We are serious and committed but we know our audience and know how to approach a situation with the appropriate lens
  • Did I mention we are 6 of the funnest people ever!

If this sounds like something you would be interested in, we can't wait to meet and discuss it with you, thank you for considering applying your skills and personality to our team.

At ATB, we know that highly talented people can readily transfer their skills. If you believe your skills and experience are transferable, please consider putting your name in the running.

Online applications are preferred.

Benefits

Purpose. Growth. Advancement. Fun. Rewards… learn about our perks and benefits.

A little about ATB:

We are Alberta’s largest, home grown financial institution and for the last 80+ years, we’ve transformed people’s understanding of what banking can–and should–make possible. Today, 5,500+ ATB team members embrace a growth mindset in order to help bring ATB’s story to life, delivering happiness to our customers and team members alike. It’s why we’re also a highly sought after, award-winning employer. The best part is, we’re just getting started. Join us, and create happiness.

What happens next?

If you make the shortlist for this role, you will hear from us within 10 business days of the posting close date. We will also keep your application on file for future roles that you may wish to consider.

We are also an equal opportunity employer. Find out more about what to expect when applying.

If your application is shortlisted, we might ask you to participate in a digital interview.

Stay in touch!

ATB is happy to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.

Tags: Audits Banking CISSP Governance SAP Security assessment

Perks/benefits: Career development Team events Transparency

Region: North America
Country: Canada
Category: Analyst Jobs
