Director, Cybersecurity and Security Assurance - Edmonton
Remote - Edmonton, Alberta, Canada
ATB FinancialBig life events can trigger big banking changes. Whether you’re starting university or planning your retirement, we’ve made it easy to find the accounts and resources you need.
Our bottom line is different.
There’s something special about working at ATB, and it’s been recognized on every top employer list that matters. Maybe it’s our exceptional culture where your total wellness is supported through market-leading benefits and you’re free to bring your whole self to work. Maybe it’s our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren’t our clients.
Whatever it is, you won’t find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.
Job Number: REQ3044
Location: Remote - Alberta Preferred
Apply by: January 10th, 2021
Paygrade: N - OTH
# Positions available: 1
Leader Name: Glenn Joiner
As ATB’s next Director of Cybersecurity and Security Assurance, you will be part of the leadership team for the office of the CISO. You will be responsible for implementation and maintenance of ATB’s cybersecurity posture, validating protections in place, and looking forward for emerging threats. This is achieved through leading a talented team of Security Analysts as well as direct support for ATB’s CISO.
The purpose of this position is to deliver and manage a team to:
- Focus on the delivery of Cybersecurity policies and processes to secure ATB systems and data against threats
- Plan, Prepare and Execute validation activities to ensure new projects and operational systems technically adhere to Information Security policies and processes with a focus on reporting, tracking and closing identified issues.
- Assess and Deliver vulnerability and penetration test efforts on projects and operational systems at ATB
- Research, Analyze and Deliver reports on emerging threats and future cyber risks
You will find success in your ability to:
- Provide leadership, coaching and direction to a team of security professionals in the delivery of security services that have organizational wide impacts.
- Continuously review processes and practices to meet objectives in a fast paced environment.
- Participate and provide leadership in the Security Response Team for all Cybersecurity incidents.
- Lead Red Team testing of systems with comprehensive reports of findings and remediation guidance for business stakeholders.
- Proactively anticipate and model threats and threat actor scenarios.
- Develop strategic guidance for business stakeholders on emerging cyber threats.
- Developing and maintaining the access control rules for systems, databases, networks and application; providing controlled access in accordance with owner-defined information access requirements.
- Actively participate in the application development/acquisition process to ensure security requirements are considered at all phases of application development/acquisition process - from definition of user requirements, through application design, construction/purchase, testing, production use of the system, and application retirement.
- Ensuring communication of expectations and verification of delivery of services.
As the Ideal Candidate, you possess:
- Leadership – History of leading teams of security or IT staff members and/or Managed service contracts.
- Strong management and administration skills, with a demonstrated ability to lead change and solve problems.
- Excellent communication and relationship-building skills, with a demonstrated ability to work effectively within both the business and technical arenas.
- Well-developed analytical skills accompanied by proven decision-making experience.
- Demonstrated aptitude for continuous learning and innovative thinking.
- Excellent verbal and written communication skills, including polished presentation skills with the ability to deliver technical issues to both technical and non-technical audiences in a clear and understandable manner.
- Strong leadership skills with the ability to lead assignments/teams and mentor others.
- System Administration – experience as sysadmin for Unix or Unix+Windows in large environments, including familiarity with local/OS/software firewalls including Windows Firewall, iptables, IPF, PF, or similar.
- Familiar with all aspects of operating system and application logging, including centralized logging, Syslog, web logs, process auditing, and file integrity monitoring.
- DBA – Familiar with two of: Oracle, MySQL, MS SQL Server, PostgreSQL, SAP, DB2 in the context of transaction/audit logs, end-to-end security between servers as well as Clients & Servers, DB & Table Access Permissions, DRP (backups/restores/redundancy), SQL injection, query performance tuning.
- Networking – Familiar with OSI Layer 3-7, cloud services VPCs, VLANS, private VLANS, secure VLANS, trunking, switching, routing, firewalls, reject/deny vs. drop, reverse tunnels, and solicited vs. unsolicited ingress & egress.
- Penetration Testing – Familiar with PCI compliance, WebApp Pentesting, network scanning vs. agent based vulnerability management, policy compliance, ddos resiliency testing, and all modern tools involved in service exploitation.
- Vulnerability Management - Knowledge and experience in developing and implementing Vulnerability Management programs, initiatives, and capabilities.
- Threat Intelligence - Experience building threat intelligence programs. Understanding of threat landscape and security intelligence in both the government and commercial space.
- Experience with threat research, threat modeling, and information security threat assessments.
- Ability to lead cybersecurity investigations and inspections to assess risk-validate incidents, breaches.
- Experience hunting threat actors in large enterprise networks.
- Security Testing – Experience in managing Information Security Testing programs, including red team, penetration and vulnerability testing.
- Ability to build a red team and lead activities, manage vulnerability assessments, perform intrusion testing, vulnerability assessments and security scans to ensure efficiency of implemented controls and identify new gaps.
- Third Party Security Assessment Program – Experience implementing and operating an effective program to continually assess third party relationships for the appropriateness of their security controls.
- Expert knowledge of cyber security trends, technologies, and their applicability to the financial industry. Experience with security frameworks such as PCI DSS, ISO 27001/27002, CIS Critical Security Controls, NIST Framework for Improving Critical Infrastructure Security.
Designations and Prerequisites:
- A minimum of 7 years of managerial experience in information security.
- Masters level education in a related field is required.
- Professional designation: CISSP, CISA, CISM, OSCP or OSCE Certification – desired but not required.
- Experience in information security in a regulated Financial industry strongly preferred.
- Previous IT development and implementation experience.
At ATB, we know that as you develop in your career, you gain many transferable skills. If you believe your experience and qualities are a match for this position, please consider applying.
Be great. Be you. Believe.
We are dedicated to building a workforce reflective of the diversity within our communities and creating an environment where every team member has what they need to reach their potential. We encourage candidates from all equity-seeking groups to apply.
What happens next?
Thank you for applying online. If you are shortlisted for this opportunity, you will hear from us after the posting close date regarding next steps. We might ask you to participate in a digital interview or phone interview. If you require any accommodations, please let us know.
ATB Financial team members are required to disclose their COVID vaccination status and provide proof of vaccination or complete COVID rapid testing as a condition of employment to help support client and team member safety. We thank all candidates in advance for their understanding.
Stay in touch!
Explore more Information Security career opportunities
- Open Senior Information Security Engineer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Incident Response Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Azure Security Engineer jobs
- Open Vulnerability Analyst jobs
- Open Personnel Security Officer jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Cyber Security Analyst jobs
- Open Infrastructure Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Senior Penetration Tester jobs
- Open Information Security Architect jobs
- Open Information Security Officer jobs
- Open Threat Intelligence Response Analyst jobs
- Open Sr. Product Security Engineer jobs
- Open SOC Analyst jobs
- Open Cybersecurity Engineer jobs
- Open Security Officer 3 jobs
- Open Privacy Manager jobs
- Open Sr. Software Engineer - Detection Engineering jobs
- Open DevOps-related jobs
- Open PCI-related jobs
- Open Threat intelligence-related jobs
- Open OWASP-related jobs
- Open Clearance-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open Encryption-related jobs
- Open Open Source-related jobs
- Open Splunk-related jobs
- Open Forensics-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open Security assessments-related jobs
- Open OSCP-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open GDPR-related jobs
- Open DevSecOps-related jobs
- Open HIPAA-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open Unix-related jobs