Security Compliance Analyst - Remote, Canada - ATB Financial

ATB Financial

Verified Company

Remote, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Our bottom line is different.
There's something special about working at ATB, and it's been recognized on every top employer list that matters.

Maybe it's our exceptional culture where your total wellness is supported through market-leading benefits and you're free to bring your whole self to work.

Maybe it's our commitment to a growth mindset and our unrelenting thirst for making it possible for fellow Albertans—even the ones who aren't our clients.

Whatever it is, you won't find a more genuine, driven and knowledgeable group of humans anywhere. We foster a culture of purpose, performance and possibilities. We engage with intense curiosity, and bring our whole selves to work, every day. We know it starts with people like you, so take a chance and start with us.

Job Number:
REQ5704

Location:
Preference for Calgary or Edmonton (can be on-site or remote)

Paygrade:
L-OTH

System Title:
Security Compliance Analyst 7

Positions available: 1

Leader Name:
Director, Security Compliance

As ATB's next Security Compliance Analyst, you will be responsible for assessing, mitigating, reporting, and preventing security risk. You will need to collaborate with other teams within the Cyber Security Group and also various Technology Operation and Architecture peers to address security related risks.

In This Role, You Can Expect To

Support daily vulnerability and patching management process to secure the technology platform
Grow the security, risk and compliance governance framework (including third parties) in line with business needs
Execute control testing and risk assessments
Coordinate the remediation of control deficiencies identified and the reporting of risk associated
Support internal audits and follow through action items mitigating risk
Act as technical writer to maintain the currency of our security policies and standards that align with business and industrial best practice
Work with concerned stakeholders to make improvements on our metrics ( KRI/KPI's) and track compliance programs maturity and performance
Work with responsible teams to support our Vendor Security Assessment Program
Evaluate new and evolving security and compliance requirements

Requirements:

Education

A bachelor's degree or equivalent in science, computer science, cybersecurity, engineering or related field, or equivalent work experience. Academic qualification or professional training or experience in governance, risk and compliance areas are also desirable.

Experience

Five or more years in Cybersecurity or Risk Management with proven experience in Vulnerability Management and Patch Management
Demonstrate significant depth of technical knowledge in technology solutions, as well as deep understanding of security compliance, and related cybersecurity risk within the financial services industry.
Cloud security and governance experience required. Google Cloud Platform (GCP) experience preferred.
Experience in developing, maintaining and reporting security metrics (KRI/KPI) that align with organization's risk appetite and risk statements
Strategy and management consulting experience an advantage.

Knowledge/Skills

Hold one or more industry security certifications like CISSP, CISA, CISM, ISO 2700
Strong technical knowledge on security scanning tools like Qualys and Veracode
Passion for Cybersecurity and continually learning new attack vectors, new threats, and security framework expertise.
Familiarity with the Payment Card Industry Data Security Standard (PCI-DSS) and NIST Framework
Knowledge or experience dealing with regulators like FINTRAC, OSFI, SWIFT and INTERAC addressing security based risks, standards, processes and regulatory compliance requirements.
Sound knowledge in multiple competency areas of security platform and program delivery

Some examples are:

Security Operations Center (SOC), SIEM integration, Security incident response teams, Cloud Security Governance and principles, Data Loss Prevention (DLP) implementation, Data Security and Privacy Compliance, fIrewall and VPN platforms, End-point protection, Identity and Access Management (IAM), Vulnerability Management platforms, Patch Management process, and Code Scanning tooling.

Demonstrated knowledge of the following: cybersecurity risk and control assessment, penetration testing, security methodologies and practices in a complex organizational environment.
Strong interpersonal skills with an impressive history of forging strong relationships with multiple stakeholders and relating well to people of all backgrounds and at all levels.
Excellent business acumen and interpersonal skills; able to work across business lines at a senior level to influence and effect change to achieve common goals.
You have a willingness to learn about different protocols and technologies
Writing/editing technical documentation such as security standards,policies and procedures

**At ATB, we kno