Senior Manager Cybersecurity Operations & Security Engineering

Metrolinx

Employee Status: Regular
Bargaining Unit: Non-Union
Pay Range: $131,882 – $186,282
Location: 20 Bay St.
Closing Date: 11-Sep-2023

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.

At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.

Our Payments Office is seeking a Senior Manager Cybersecurity Operations & Security Engineering to provide leadership and expertise in the development of cyber security related strategies, enterprise security operations, security reference models and roadmaps, including application, infrastructure and cloud system elements. The role incorporates subject matter expertise, governance and design in order to implement, coordinate and maintain the Payments (PRESTO) Security operations strategy and supporting roadmaps.

What will I be doing?

This role is accountable for Security Operations client relationship management and delivery to scope, budget, timelines and quality, using a Lean Agile approach. It is responsible for enhancing the Cybersecurity culture through positive leadership and ensuring that staff members, stakeholders and outsourced vendors work together to successfully achieve strategic objectives.

• Oversees ongoing security incident and vulnerability management reporting by defining operational security KPIs and reporting on them in the form of monthly reports to executive leadership.
• Manages IT security incidents by ensuring that incidents are appropriately classified and communicated, implementing a security incident classification framework and communication framework.
• Leads a combined in-source, out-source and vendor team, providing a single point of leadership for operational ITSEC at Metrolinx.
• Acts as a single point of contact to Security Operations Center (SOC) vendors, manages vendor relationships, and addresses and works to resolve any non-compliance issues with services or contracts.
• Manages the development and implementation of management and governance practices, frameworks and playbooks to ensure consistency, quality, reliability and integrity.
• Works closely with the Security Architecture (SA) team to ensure alignment of the strategies and architectures with the overall technology vision defined for Metrolinx.
• Provides leadership towards defining the role of Security Operations and leads its implementation and governance, as well as the implementation and maintenance of Metrolinx’s Security infrastructure and services.
• Directs and oversees the alignment of Security operations and engineering activities with governing frameworks, standards, and the legislative, regulatory and contractual requirements that govern Metrolinx activities.
• Bridges the gap between business and technology and communicates security operations-related concepts to both technical and non-technical audiences across the organization’s business functions.
• Accountable for security operations solution design that supports the overall architecture.
• Leads, develops, creates and manages IT Security Business Continuity (BC) planning, including taking accountability for creating, testing and updating the plan on an ongoing basis, reviewing trends and incorporating best practices.
• Supports managing the relationship with Security Operations vendors, including providing technical direction to vendor contracts, when required.
• Provides oversight to, defines and monitors the Security Operations team’s yearly operating plan and performance objectives to monitor for quality and excellent delivery of services.
• Advises on the effectiveness and completeness of business and technology strategies, ensuring alignment with Metrolinx I&IT and other applicable cross-organization strategies.
• Provides creative thought leadership with input from others to develop and deploy a strategic vision; connects and aligns projects with strategic corporate goals.

What Skills and Qualifications Do I Need?

• Completion of a degree in Engineering, Computer Sciences or a related discipline – or a combination of education, training and experience deemed equivalent.
• Minimum ten (10) years’ experience of contributing to the success of a range of midsize-to-large initiatives with above average levels of complexity and business criticality; progressively senior experience in Cybersecurity.
• Experience leading Security Operations, vulnerability management, threat management and managing a Security Operations Center (SOC), security operations planning, design, development, implementation and maintenance.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or Equivalent is MANDATORY
• GIAC® Defensible Security Architecture (GDSA) is an asset.
• Experience with large scale environments in areas such as Networking and Operating Systems is Mandatory.
• Excellent knowledge and understanding of IT Security frameworks such as SOC2, NIST, ISO 27011 and ISO 27002, MITRE, STRIDE etc.
• Relationship management, influencing, facilitation and negotiating skills and political acuity to introduce new ways of thinking and working (i.e. DevSecOps, Lean, Agile), provide expert opinions and advice to stakeholders, and identify and resolve issues.

Don’t Meet Every Requirement?
If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.

We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.

Accommodation:

We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act, so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at: 416-202-5601 or email hr.recruitment@metrolinx.com.

Application Process:

All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time-sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate. Should it be determined that any background information provided is misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.

We thank all applicants for their interest; however, only those selected for further consideration will be contacted.

WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.

To apply for this job please visit ehtc.fa.ca2.oraclecloud.com.