Director, Payments Security Jobs

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.
Our Payments Office within PRESTO is seeking a Director, Payments Security to provide senior leadership and strategic direction to oversee and mature the security posture of Metrolinx Payments, including the development and implementation of technical security standards and architecture, cyber governance, managing risk and compliance both internally and across the Payments supplier base, and ensuring security by design is built into all products and services that Payments bring to market.
At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.
Reporting to the Chief Technology Officer – Payments, this newly created role is critical in providing a safe and secure service to its customers and clients, and to managing the significant risk that cyber poses to the Metrolinx Payments business and brand reputation.
What will I be doing?

• Drives and fosters the development of strong working relationships and linkages and maintains an environment of positive collaboration within Payments, with the supplier eco-system, with agency partners, and with I&IT
• Owns the security architecture and standards for Metrolinx Payments, and ensures compliance across the ecosystem for internal and supplier owned services and processes
• Oversees the Metrolinx Payments security function to provide security leadership and guidance across the Payments division.
• Works closely with the ITSEC team (including ITSEC aspects of the crisis management team) as the Payments leader to proactively address threats or pre-warning of threats received from law enforcement and other government agencies, and effectively coordinates efforts, as required, to respond to/anticipate/resolve ITSEC threats;
• Works closely with I&IT Security team to develop common standards and processes that provide enterprise wide management of cyber risk and an enterprise wide level of confidence that Metrolinx’s security posture is right sized against its risk appetite
• Develops a security governance and policy framework based upon industry leading practices to manage cyber risk for Metrolinx Payments
• Ensures the consistency, quality, reliability and integrity of Cyber Security strategies, standards, governance framework, and policies and provides leadership, expert advice and guidance on identifying and effectively managing security threats and trends and their potential impact on Metrolinx operations;
• Leads and manages the investigative process for all cyber security incidents, including root cause analyses and ensures corrective actions are completed in a timely manner;
• Provides executive leadership in the identification, development, implementation and maintenance of technologies, processes, procedures, and protocols across the organization to protect the privacy, confidentiality, integrity and availability of data and to reduce security risks;

What skills & qualifications do I need?

• Certifications in any of the following disciplines would be assets:
• Strong understanding of IT security and compliance regulations and IT Security methodologies, frameworks and practices (e.g. NIST, ISO 27000x COBIT and ITIL in an operating production technology environment to successfully plan and deliver future technology changes;
• Understanding of IT security tools and their effective application and a broad diverse knowledge of major technologies - both legacy and emerging;
• Certified Information Security Manager
• Certified Information Systems Auditor
• Minimum 5years’ managing large, complex investment budgets
• Minimum of 5 years’ leading and managing large teams of IT professionals,
• Minimum of 7 years of progressive IT Security roles
• Extensive senior level experience in the core functions of Information & Technology in a large private or public sector environment.
• Minimum of 10 (ten) years of progressive experience in the Information Technology profession, in particular Security, Systems Development and IT Operations which includes:
• Completion of a degree in Information Systems, Computer Science, Engineering, or a related discipline – or a combination of education, training and experience deemed equivalent
• Information Technology Infrastructure Library (ITIL) Foundations
• Knowledge of IT, security and information management strategies, methodologies, best practices, standards, delivery models, domain architectures, and planning issues, Enterprise Architecture principles and frameworks, Business Resiliency, Regulatory and Integrated Risk issues to direct/lead the development and implementation of Metrolinx’s enterprise wide IT Security program, including information security, technology, and management policies, standards, architecture models, and risk management strategies that drive solutions towards the achievement of business strategies and goals.

Don’t Meet Every Requirement?
If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.
We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.
Accommodation
We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at: 416-202-5601 or email [email protected] .
Application Process
All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time-sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate.
For Internal applicants, with the recent implementation of the Internal Mobility Policy, the internal recruitment process has changed for non-union roles. Candidates must be in their current role for 12 months prior to applying for another role and each applicant must be in good standing (not participating in a Performance Improvement Plan). Please review all provisions of the policy before submitting your application.
Should it be determined that any background information provided is misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.
We thank all applicants for their interest, however, only those selected for further consideration will be contacted.
WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.