Internal Assurance, Technology Domain Lead

At ATB, we exist to make it possible for our clients, team members and communities. Our purpose is more than aspirational. It's a real commitment we live every day through our values (what we call the ATB ID). Life at ATB is about more than work. In fact, we’re consistently recognized as one of Canada's top employers thanks to our high-care, high-performance culture, upheld by the three commitments we make to our team members: Impact in action: No matter where you are in the organization, you're empowered to make an impact in the lives of our clients and communities. Thrive together: We want you—the unique, authentic you—to feel safe and celebrated at work. We're on a continuous journey to build the most flexible and inclusive programs. Ready for tomorrow: We want to enable your success through interesting and challenging work, performance enablement, and learning and development. ## About the role As ATB’s next IA Technology Domain Lead, you will be responsible for managing the full lifecycle of cyber and technology assurance engagements, which includes leading the discovery phase, risk identification, and preliminary planning with stakeholders. Day-to-day work involves overseeing the execution of complex processes, guiding engagement teams through daily priority tasks and blockers, and performing initial quality assurance reviews of test sheets and reporting. Additionally, the role serves as a high-value strategic advisor to stakeholders by providing meaningful insights and strategic challenges, while also collaborating across functional lines of defense to harmonize assurance activities. Key responsibilities also include overseeing the review and coordination of Management Action Plans (MAPs) for validation testing, assisting leadership with quarterly and annual audit reporting, and actively sensing and communicating emerging cyber and technology risks. ## Accountabilities * Engagement Discovery and Planning: Leads the discovery phase for cyber and technology focused engagements, including researching applicable evaluation criteria, preparation of environmental scans, risk identification, and preliminary stakeholder meetings. * Engagement Execution and Oversight: Oversees and guides the execution of complex processes and selected engagements, including attending daily stand-ups, coaching team members and identifying escalation or information points to highlight for the TFC Director. Evaluates engagement progress and "blockers" into ongoing reassessments of daily and weekly priority tasks for engagement teams, themself and those requiring escalation. * Strategic Advisory and Effective Partnership: Serve as a high-value advisor by engaging with curiosity, providing meaningful insights as well as strategic challenge, and being responsible to stakeholder needs. * Empower ‘OneATB’: Collaborate with peers, stakeholders and cross-functional lines of defense to harmonize assurance activities and foster alignment. * Quality Assurance & Review: Performs first reviews of test sheets and reporting to ensure all tasks are completed, meet or exceed requirements and are fit for purpose. * Remediation Management: Oversees the review of Management Action Plans (MAPs) to ensure proposed remediation effectively addresses original risks. Also, coordinates completed MAP actions submitted to TFC for validation testing, including performing triage to confirm appropriate evidence has been provided, assigning to a TFC IA Partner for testing, tracking testing progress and performing first review of completed testing. * Communications and Reporting: Assists leadership in generating content used for the quarterly and annual audit reports. Identify, define and log future / follow-on engagements for consideration in annual audit planning. * Risk Sensing and Domain Expertise: Actively participate in identification and communication of emerging risks impacting cyber and technology and / or the banking industry. Act as a trusted resource for IA and stakeholders regarding cyber and technology risk assessment and evaluation. ## Skills, experience & requirements ### Competencies/ Skill-Sets Required * Advanced Time Management: Sophisticated ability to manage multiple concurrent tasks and exercise professional judgment on shifting priorities. * Autonomous Execution: Capable of leading audit execution, write-ups, and findings presentations autonomously, escalating timely as appropriate. * Complex Synthesis: Ability to synthesize large volumes of information to build a "story" around themes in risk assessment and reporting. * Agile Methodology: Proficient in working within agile cycles, utilizing tools like Jira kanbans and daily stand-ups to manage workflows. * Data Literacy: Understanding of descriptive and diagnostic analytics, including data reporting, visualization, and dashboarding. * Technology Operations: Solid understanding of common IT Service Management, Architecture and/or Product Management processes. * IT Audit: Strong understanding of IT audit principles, practices and control standards including a demonstrated ability to apply such standards. * Key Knowledge: Familiarity with relevant industry frameworks including, NIST (National Institute of Standards and Technology) frameworks, OSFI (Office of the Superintendent of Financial Institutions Canada), ICOFR (Internal Control Over Financing), ISO (International Organization for Standardization), PCI (Payment Card Industry), OWASP (Open Web Application Security Project), as well as common IT technology governance and control frameworks (e.g. Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT)). ### ### Audit and Risk Management * Risk Culture Leadership: Partners with team members and stakeholders to promote a culture of risk management across Business Units. * Audit Criticality: Leads the development and implementation of audit programs and assessment techniques and evaluates results to identify audit findings which can be leveraged to improve operational efficiency and compliance via leveraging knowledge of audit methodology, leading practices and approaches. * Compliance Advisory: Coaches team members and stakeholders towards understanding and improving compliance and risk management. Ability to communicate complex issues in a way that makes them easily understood. * Decision Critical Accountability: Focuses engagements and the tasks within them on the processes, controls and decision points where lapses in attention or concentration could impact the organization's critical risks. ### ### Data and Analytics * Data Reporting, Visualization & Dashboarding Tools * Descriptive & Diagnostic Analytics * Data Extraction, Validation and Cleanup skills an asset ### Accreditation * Successful completion of a post secondary degree, a computer science, information systems or technology, graduate business, finance or management degree an asset * Professional designation related to technology assurance such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk and Information Systems Control (CRISC), domain specific Global Information Assurance Certification (GIAC), relevant Cloud Security Alliance (CSA) certification or equivalent experience. Don’t meet all the requirements on the list? A resume only goes so far in expressing who you are and the unique perspectives you bring. If you believe your skills and experience align with the role—but you might not check all the boxes—we want to hear from you. We encourage candidates from all work backgrounds, equity-seeking communities and experience levels to apply. If you’re seeking a career where your drive, perspective and growth are celebrated, we want to hear from you. We’re dedicated to building a workforce reflective of those within our communities, and a culture where our team members are equipped with what they need to succeed—their way. Part of creating an inclusive workplace is recognizing our role in advancing Truth and Reconciliation. We are committed to meeting and exceeding the standards set out in the Partnership Accreditation in Indigenous Relations program created by the Canadian Council for Aboriginal Business. What happens next? If you are shortlisted, you’ll hear from us after the posting closes. Check out our How We Hire page to learn more about our hiring process. If you need any accommodations throughout this process, please let us know at talentteam@atb.com Stay in touch We’re excited that you’re interested in a career with ATB. Follow us on LinkedIn, Facebook and Instagram to learn more about what our team is up to.