Director, Payments Security


Employee Status: Regular
Bargaining Unit: Non-Union
Pay Range: $149,197 – $212,019
Location: 20 Bay St.
Closing Date: 17-Sep-2023

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.

At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.

Our Payments Office within PRESTO is seeking a Director, Payments Security to provide senior leadership and strategic direction to oversee and mature the security posture of Metrolinx Payments, including the development and implementation of technical security standards and architecture, cyber governance, managing risk and compliance both internally and across the Payments supplier base, and ensuring security by design is built into all products and services that Payments bring to market.

Reporting to the Chief Technology Officer – Payments, this newly created role is critical in providing a safe and secure service to its customers and clients, and to managing the significant risk that cyber poses to the Metrolinx Payments business and brand reputation.

What will I be doing?

• Oversees the Metrolinx Payments security function to provide security leadership and guidance across the Payments division.
• Develops a security governance and policy framework based upon industry leading practices to manage cyber risk for Metrolinx Payments
• Provides executive leadership in the identification, development, implementation and maintenance of technologies, processes, procedures, and protocols across the organization to protect the privacy, confidentiality, integrity and availability of data and to reduce security risks;
• Owns the security architecture and standards for Metrolinx Payments, and ensures compliance across the ecosystem for internal and supplier owned services and processes
• Works closely with I&IT Security team to develop common standards and processes that provide enterprise wide management of cyber risk and an enterprise wide level of confidence that Metrolinx’s security posture is right sized against its risk appetite
• Works closely with the ITSEC team (including ITSEC aspects of the crisis management team) as the Payments leader to proactively address threats or pre-warning of threats received from law enforcement and other government agencies, and effectively coordinates efforts, as required, to respond to/anticipate/resolve ITSEC threats;
• Leads and manages the investigative process for all cyber security incidents, including root cause analyses and ensures corrective actions are completed in a timely manner;
• Drives and fosters the development of strong working relationships and linkages and maintains an environment of positive collaboration within Payments, with the supplier eco-system, with agency partners, and with I&IT
• Ensures the consistency, quality, reliability and integrity of Cyber Security strategies, standards, governance framework, and policies and provides leadership, expert advice and guidance on identifying and effectively managing security threats and trends and their potential impact on Metrolinx operations;

What Skills and Qualifications Do I Need?

• Completion of a degree in Information Systems, Computer Science, Engineering, or a related discipline – or a combination of education, training and experience deemed equivalent
• Minimum of 10 (ten) years of progressive experience in the Information Technology profession, in particular Security, Systems Development and IT Operations which includes:
o Minimum of 7 years of progressive IT Security roles
o Minimum of 5 years’ leading and managing large teams of IT professionals,
o Minimum 5years’ managing large, complex investment budgets
o Extensive senior level experience in the core functions of Information & Technology in a large private or public sector environment.
• Certifications in any of the following disciplines would be assets:
o Information Technology Infrastructure Library (ITIL) Foundations
o Certified Information Systems Auditor
o Certified Information Security Manager
• Knowledge of IT, security and information management strategies, methodologies, best practices, standards, delivery models, domain architectures, and planning issues, Enterprise Architecture principles and frameworks, Business Resiliency, Regulatory and Integrated Risk issues to direct/lead the development and implementation of Metrolinx’s enterprise wide IT Security program, including information security, technology, and management policies, standards, architecture models, and risk management strategies that drive solutions towards the achievement of business strategies and goals.
• Strong understanding of IT security and compliance regulations and IT Security methodologies, frameworks and practices (e.g. NIST, ISO 27000x COBIT and ITIL in an operating production technology environment to successfully plan and deliver future technology changes;
• Understanding of IT security tools and their effective application and a broad diverse knowledge of major technologies – both legacy and emerging;

Don’t Meet Every Requirement?

If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.

We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.


We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at: 416-202-5601 or email

Application Process:

All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any background information provided be misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.

We thank all applicants for their interest, however, only those selected for further consideration will be contacted.


To apply for this job please visit