Security Governance Analyst

Metrolinx

Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Description

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express as well as the PRESTO fare payment system. We are also building new and improved rapid transit including GO Expansion Light Rail Transit routes and major expansions to Torontos subway system to get people where they need to go better faster and easier. Metrolinx is an agency of the Government of Ontario.

At Metrolinx equity diversity and inclusion are essential to living our values of serving with passion thinking forward and playing as a team.

PRESTO is an electronic transit fare payment system in the Greater Toronto Hamilton and Ottawa areas that eliminates the need for tickets passes and cash. PRESTO serves more than 5 million customers across 11 transit agencies and processes over $2.5 billion in fares through 67 million boardings per month (pre-pandemic). Today PRESTO offers one of the most globally advanced fare payment systems in the world having delivered new ways to pay for customers including real time PRESTO Contactless with credit and Interac debit and PRESTO in Mobile Wallet across its transit agency clients including the Toronto Transit Commission (TTC). Enhancing the customer experience through continuous improvement while working with our transit agency clients to support their needs and maintaining a system that performs exceptionally continue to drive PRESTO toward making transit better for all.

Our Payments (PRESTO) Security Office is seeking a Security Governance Analyst to safeguard technology assets against internal and external security threats to the confidentiality integrity and availability of business information and systems by developing and implementing day-to-day system security controls and identifying and remediating threats for identified vulnerabilities. Provides security governance of delivery projects and supports audits by analyzing and responding to results.

What will I be doing

Participates and provides input into the development and implementation of information security policies standards processes and procedures.
Support risk identification & assessment response & mitigation control monitoring and reporting
Reviewing and support information system change requests by assisting with risk assessment prior to implementation to identify new sources of risk or elevation in the severity of currently identified risks.
Gathering and preparing data for reporting security service performance metrics that includes status of information systems services obtained from external providers and actions for improvement.
Supports the Metrolinx Payment Card Industry (PCI) program by completing tasks as required (i.e. data compilation and reporting)
Supports and acts on remediation plans and responses to internal and external audit findings. (PCI OAG General Controls Audit Internal Audit Critical Infrastructure Protection etc.)
Participating and contributing to benchmarking exercises for comparison to industry standards (ISF ISO NIST) and industry peers in the government and transportation sectors.
Support Cybersecurity Awareness Training through training module uploads training completion tracking.
Interact with internal and external audit partners on a periodic basis to coordinate and monitor IT responsibilities for the completion of compliancy certifications.
Liaising with Managed Security Service Providers (MSSPs) and participating in the design developing deployment and support of information security systems and solutions (e.g. authentication key management Intrusion Prevention Systems (IPS) Security Information and Event Management (SIEM) antimalware etc.)

What Skills and Qualifications Do I Need

Completion ofa degree inComputer Science Information Technology (IT) or a related discipline or a combination of education training and experience deemed equivalent.
Demonstrated experiencedeveloping and implementing system security controls remediation of security issues and identifying and managing threats to the achievement of business objectives; project management experience; and broad-based experience in the CISSP security domains.
Technical certifications such as CISSP CCSP CISAor CISM are an asset.
Excellent written and verbal communication skills interpersonal and collaborative skills and the ability to communicate cybersecurity and risk-related concepts to technical and non-technical audiences at various hierarchical levels ranging from board members to technical specialists.
Experience in security architecture requirements analysis and impact assessment in the context of security architecture. Knowledge of common information security management frameworks such as ISO/IEC 27001 ITIL COBIT as well as those from NIST including 800-53 and the NIST Cybersecurity Framework
Advanced knowledge and experience with agile methodology and principles in the IT environment
Experience with cloud services (Software-as-a-Service Platform-as-a-Service)
Project management and interpersonal skills to coordinate complex projects to meet approved timelines.

Dont Meet Every Requirement

If youre excited about working with Metrolinx but your past experience doesnt quite align with every qualification of this posting we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.

We invite all interested individuals to apply and encourage applications from members of equity-deserving communities including those who identify as Indigenous Black racialized women people with disabilities and people with diverse gender identities expressions and sexual orientations.

Accommodation:

We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act so if you require accommodation during the hiring process please let our Recruitment team know by contacting us at: or email .

Application Process:

All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time-sensitive correspondence we recommend that you check your email regularly. If no response is received we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate.

Should it be determined that any background information provided is misleading inaccurate or incorrect Metrolinx reserves the right to discontinue with the consideration of your application.

We thank all applicants for their interest however only those selected for further consideration will be contacted.

WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.

#LI-MM3

Required Experience:

Description Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express as well as the PRESTO fare payment system. We are also building new and improved rapid transit including GO Expansion Light Rail Transit routes and major expansions to T...