Security Governance Analyst
About the role
Job Description
Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.
At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.
PRESTO is an electronic transit fare payment system in the Greater Toronto, Hamilton and Ottawa areas that eliminates the need for tickets, passes and cash. PRESTO serves more than 5 million customers across 11 transit agencies and processes over $2.5 billion in fares through 67 million boardings per month (pre-pandemic). Today, PRESTO offers one of the most globally advanced fare payment systems in the world having delivered new ways to pay for customers, including real time PRESTO Contactless with credit and Interac debit and PRESTO in Mobile Wallet across its transit agency clients, including the Toronto Transit Commission (TTC). Enhancing the customer experience through continuous improvement while working with our transit agency clients to support their needs, and maintaining a system that performs exceptionally, continue to drive PRESTO toward making transit better for all.
Our Payments (PRESTO) Security Office is seeking a Security Governance Analyst to safeguard technology assets against internal and external security threats to the confidentiality, integrity, and availability of business information and systems by developing and implementing day-to-day system security controls, and identifying and remediating threats for identified vulnerabilities. The role provides security governance of delivery projects and supports audits by analyzing and responding to results.
What will I be doing?
- Participates and provides input into the development and implementation of information security policies, standards, processes, and procedures.
- Supports risk identification and assessment, response and mitigation, control monitoring and reporting.
- Reviewing and supporting information system change requests by assisting with risk assessment prior to implementation to identify new sources of risk or elevation in the severity of currently identified risks.
- Gathering and preparing data for reporting security service performance metrics that includes status of information systems, services obtained from external providers, and actions for improvement.
- Supports the Metrolinx Payment Card Industry (PCI) program by completing tasks as required (i.e. data compilation and reporting)
- Supports and acts on remediation plans and responses to internal and external audit findings. (PCI, OAG, General Controls Audit, Internal Audit, Critical Infrastructure Protection, etc.)
- Participating and contributing to benchmarking exercises for comparison to industry standards (ISF, ISO, NIST) and industry peers in the government and transportation sectors.
- Supports Cybersecurity Awareness Training through training module uploads and training completion tracking.
- Interacts with internal and external audit partners on a periodic basis to coordinate and monitor IT responsibilities for the completion of compliance certifications.
- Liaising with Managed Security Service Providers (MSSPs) and participating in the design, development, deployment, and support of information security systems and solutions (e.g. authentication, key management, Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), antimalware, etc.).
What Skills and Qualifications Do I Need?
- Completion of a degree in Computer Science, Information Technology (IT), or a related discipline – or a combination of education, training and experience deemed equivalent.
- Demonstrated experience developing and implementing system security controls, remediation of security issues and identifying and managing threats to the achievement of business objectives; project management experience; and broad-based experience in the CISSP security domains.
- Technical certifications such as CISSP, CCSP, CISA or CISM are an asset.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Experience in security architecture requirements analysis and impact assessment in the context of security architecture. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and the NIST Cybersecurity Framework.
- Advanced knowledge and experience with agile methodology and principles in the IT environment.
- Experience with cloud services (Software-as-a-Service, Platform-as-a-Service).
- Project management and interpersonal skills to coordinate complex projects to meet approved timelines.
Don’t Meet Every Requirement?
If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.
We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.
Accommodation
We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at: 416-202-5601 or email hr.recruitment@metrolinx.com.
Application Process
All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time-sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate.
Should it be determined that any background information provided is misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.
We thank all applicants for their interest; however, only those selected for further consideration will be contacted.
WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.
About Metrolinx
Metrolinx is undertaking the largest transportation investment in Ontario’s history to get you where you need to go better, faster, easier, while also operating GO Transit, UP Express and PRESTO. Learn more about how we’re connecting communities, building partnerships, and providing you new ways to travel around our region, at Metrolinx.com.
Metrolinx is an agency of the Government of Ontario.