Director, Cybersecurity and Security Assurance - Edmonton

Remote - Edmonton, Alberta, Canada

ATB Financial

Big life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.

View company page

Our bottom line is different.

There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.

Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number: REQ3044
Location: Remote - Alberta Preferred
Apply by: January 10th, 2021
Paygrade: N - OTH
# Positions available: 1
Leader Name: Glenn Joiner

As ATB’s next Director of Cybersecurity and Security Assurance, you will be part of the leadership team for the office of the CISO. You will be responsible for implementation and maintenance of ATB’s cybersecurity posture, validating protections in place, and looking forward for emerging threats. This is achieved through leading a talented team of Security Analysts as well as direct support for ATB’s CISO.

The purpose of this position is to deliver and manage a team to:

  • Focus on the delivery of Cybersecurity policies and processes to secure ATB systems and data against threats
  • Plan, Prepare and Execute validation activities to ensure new projects and operational systems technically adhere to Information Security policies and processes with a focus on reporting, tracking and closing identified issues.
  • Assess and Deliver vulnerability and penetration test efforts on projects and operational systems at ATB
  • Research, Analyze and Deliver reports on emerging threats and future cyber risks

You will find success in your ability to:

  • Provide leadership, coaching and direction to a team of security professionals in the delivery of security services that have organizational wide impacts.
  • Continuously review processes and practices to meet objectives in a fast paced environment.
  • Participate and provide leadership in the Security Response Team for all Cybersecurity incidents.
  • Lead Red Team testing of systems with comprehensive reports of findings and remediation guidance for business stakeholders.
  • Proactively anticipate and model threats and threat actor scenarios.
  • Develop strategic guidance for business stakeholders on emerging cyber threats.
  • Developing and maintaining the access control rules for systems, databases, networks and application; providing controlled access in accordance with owner-defined information access requirements.
  • Actively participate in the application development/acquisition process to ensure security requirements are considered at all phases of application development/acquisition process - from definition of user requirements, through application design, construction/purchase, testing, production use of the system, and application retirement.
  • Ensuring communication of expectations and verification of delivery of services.

As the Ideal Candidate, you possess:

  • Leadership – History of leading teams of security or IT staff members and/or Managed service contracts.
  • Strong management and administration skills, with a demonstrated ability to lead change and solve problems.
  • Excellent communication and relationship-building skills, with a demonstrated ability to work effectively within both the business and technical arenas.
  • Well-developed analytical skills accompanied by proven decision-making experience.
  • Demonstrated aptitude for continuous learning and innovative thinking.
  • Excellent verbal and written communication skills, including polished presentation skills with the ability to deliver technical issues to both technical and non-technical audiences in a clear and understandable manner.
  • Strong leadership skills with the ability to lead assignments/teams and mentor others.

Requirements

  • System Administration – experience as sysadmin for Unix or Unix+Windows in large environments, including familiarity with local/OS/software firewalls including Windows Firewall, iptables, IPF, PF, or similar.
  • Familiar with all aspects of operating system and application logging, including centralized logging, Syslog, web logs, process auditing, and file integrity monitoring.
  • DBA – Familiar with two of: Oracle, MySQL, MS SQL Server, PostgreSQL, SAP, DB2 in the context of transaction/audit logs, end-to-end security between servers as well as Clients & Servers, DB & Table Access Permissions, DRP (backups/restores/redundancy), SQL injection, query performance tuning.
  • Networking – Familiar with OSI Layer 3-7, cloud services VPCs, VLANS, private VLANS, secure VLANS, trunking, switching, routing, firewalls, reject/deny vs. drop, reverse tunnels, and solicited vs. unsolicited ingress & egress.
  • Development - Significant programming experience required. Ideally, proficient in two of: Python, PHP, JavaScript, Perl. Also proficient in shell scripting, and optionally would be proficient in Ruby, Lua, C, C++, C#, and/or Assembly.
  • Penetration Testing – Familiar with PCI compliance, WebApp Pentesting, network scanning vs. agent based vulnerability management, policy compliance, ddos resiliency testing, and all modern tools involved in service exploitation.
  • Vulnerability Management - Knowledge and experience in developing and implementing Vulnerability Management programs, initiatives, and capabilities.
  • Threat Intelligence - Experience building threat intelligence programs. Understanding of threat landscape and security intelligence in both the government and commercial space.
  • Experience with threat research, threat modeling, and information security threat assessments.
  • Ability to lead cybersecurity investigations and inspections to assess risk-validate incidents, breaches.
  • Experience hunting threat actors in large enterprise networks.
  • Security Testing – Experience in managing Information Security Testing programs, including red team, penetration and vulnerability testing.
  • Ability to build a red team and lead activities, manage vulnerability assessments, perform intrusion testing, vulnerability assessments and security scans to ensure efficiency of implemented controls and identify new gaps.
  • Third Party Security Assessment Program – Experience implementing and operating an effective program to continually assess third party relationships for the appropriateness of their security controls.
  • Expert knowledge of cyber security trends, technologies, and their applicability to the financial industry. Experience with security frameworks such as PCI DSS, ISO 27001/27002, CIS Critical Security Controls, NIST Framework for Improving Critical Infrastructure Security.

Designations and Prerequisites:

  • A minimum of 7 years of managerial experience in information security.
  • Masters level education in a related field is required.
  • Professional designation: CISSP, CISA, CISM, OSCP or OSCE Certification – desired but not required.
  • Experience in information security in a regulated Financial industry strongly preferred.
  • Previous IT development and implementation experience.

At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.

Benefits

Be great. Be you. Believe.

We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.

What happens next?

Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.

ATB Financial team members are required to disclose their COVID vaccination status and provide proof of vaccination or complete COVID rapid testing as a condition of employment to help support client and team member safety. We thank all candidates in advance for their understanding.

Stay in touch!

ATB is excited to know you’re interested in a career with us! Follow us on LinkedIn, Facebook and Instagram to get the inside scoop on what our team is up to.

Tags: Audits C CISA CISM CISSP Cloud Compliance DDoS Firewalls IPtables ISO 27001 JavaScript Lua Monitoring MSSQL MySQL NIST Oracle OSCE OSCP PCI DSS Pentesting Perl PHP PostgreSQL Python Red team Ruby SAP Scripting Security assessment SQL SQL injection SQL Server Threat intelligence Threat Research UNIX Vulnerability management Windows

Perks/benefits: Career development Startup environment Team events Wellness

Regions: Remote/Anywhere North America
Country: Canada
Job stats:  3  0  0
Category: Leadership Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.