Senior Systems Analyst, Compliance Oversight

Metrolinx
corporate strategy

Employee Status: Regular
Bargaining Unit: Non-Union
Pay Range: $88,758 – $120,634
Location: 20 Bay St
Closing Date: 21-Jul-2024

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario.

At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team.

PRESTO is an electronic transit fare payment system in the Greater Toronto, Hamilton and Ottawa areas that eliminates the need for tickets, passes and cash. PRESTO serves more than 5 million customers across 11 transit agencies and processes over $2.5 billion in fares through 67 million boardings per month (pre-pandemic). Today, PRESTO offers one of the most advanced fare payment systems in the world, having delivered new ways for customers to pay, including real-time PRESTO Contactless with credit and Interac debit and PRESTO in Mobile Wallet across its transit agency clients, including the Toronto Transit Commission (TTC). Enhancing the customer experience through continuous improvement, working with our transit agency clients to support their needs, and maintaining a system that performs exceptionally continue to drive PRESTO toward making transit better for all.

Our PRESTO (Payments) office is hiring a PCI Senior Systems Analyst, in the Compliance Oversight team, to support PCI Compliance with technical oversight, along with advisory to the PRESTO Scheme Certification assessment program, to meet internal and external client, partner and vendor needs.

What will I be doing?

• Leverages subject matter expertise to provide technical oversight and guidance for full compliance with Payment Card Industry Data Security Standards (PCI-DSS), which aim to protect cardholder data during payment card transactions.
• Drives the coordination of the annual PCI compliance audit and reporting, as appropriate, in conjunction with the Senior Compliance Analyst.
• Drives remediation of PCI audit findings and recommendations as per defined timelines.
• Conducts Compliance Impact Assessment/Threat Risk Assessment against multiple projects/initiatives/third party engagements.
• Conducts internal and external Gap Assessment against PCI DSS standards/schedules/technical controls to identify gaps in compliance activities and make recommendations.
• Provides advisory to internal / external stakeholders on policies and procedures related to PCI-DSS compliance in conjunction with Senior Compliance Analyst.
• Reviews contracts and RFP documentation for PCI related considerations.
• Analyzes and documents technical Business Processes and Information Flows / Cardholder Dataflows.
• Provides technical recommendations to mitigate risks and improve compliance operations and streamline processes to safeguard payment card information and support the integrity of the PRESTO fare collection system.
• Provides technical advisory and backup to support the vendor/client testing of all interface components for PRESTO Scheme Governance at all stages of the Systems Development Life Cycle (SDLC). This includes, but is not limited to, testing requirements and design, enhancements and modifications, training and support, as well as providing authoritative advice and recommendations for remedying risks and problems.
• Provides guidance on test strategies, plans, test scenarios, test scripts and execution of certification test for the application of technology in partnership with business leaders.
• Works with other team members to monitor PCI Compliance, and Certification testing, against system requirements to meet performance goals.
• Reviews that technical and administrative procedures are in place, training is provided, and maintenance and support arrangements are made to ensure a smooth transition into production from a PCI Compliance and Certification testing perspective, in conjunction with the Senior Compliance Analyst.
• Monitors and tracks project progress and oversees vendor activities.
• Formulates and prepares project justifications in terms of the proposed scope, budget and schedule as appropriate.

What Skills and Qualifications Do I Need?

• Completion of a degree in Computer Science or a related discipline – or a combination of education, training and experience deemed equivalent.
• Demonstrated years’ experience in the development and support of complex technology, PCI, and preferably code certification programs or systems that meet business needs. PCIP certification is a plus.

Don’t Meet Every Requirement?

If you’re excited about working with Metrolinx but your past experience doesn’t quite align with every qualification of this posting, we encourage you to apply. You just might be the right candidate for this or other roles. We are always looking for great talent to join our team.

We invite all interested individuals to apply and encourage applications from members of equity-deserving communities, including those who identify as Indigenous, Black, racialized, women, people with disabilities, and people with diverse gender identities, expressions and sexual orientations.

Accommodation:

We value the unique skills and experiences each person brings to Metrolinx and are committed to creating and maintaining an inclusive and accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act, so if you require accommodation during the hiring process, please let our Recruitment team know by contacting us at 416-202-5601 or by email at hr.recruitment@metrolinx.com.

Application Process:

All applicants must be legally entitled to work in Canada. Metrolinx will be using email to communicate with you for all job competitions. It is your responsibility to include an updated email address that is checked daily and accepts emails from unknown users. As we send time sensitive correspondence, we recommend that you check your email regularly. If no response is received, we will assume you are no longer interested in pursuing the opportunity. Please be advised that a Criminal Record Check may be required of the successful candidate.

Should it be determined that any background information provided be misleading, inaccurate or incorrect, Metrolinx reserves the right to discontinue with the consideration of your application.

We thank all applicants for their interest; however, only those selected for further consideration will be contacted.

WE ARE AN EQUITABLE AND INCLUSIVE EMPLOYER.

To apply for this job please visit ehtc.fa.ca2.oraclecloud.com.