Job Title: Technology Architect (Standards) - Senior Location: Toronto Ontario Work Model: Hybrid Duration: 12 months Security Clearance: CRJMC Submission Deadline::00 p.m. EST
Must Haves
Cyber Security and Privacy 60%
10 years of experience mapping and adapting cyber security frameworks (e.g. NIST CSF v2 CIS Controls v8 COBIT ISO/IEC 27001) for organizations of similar size and complexity to Ontario school boards.
10 years of experience integrating cyber security frameworks and controls into enterprise risk management governance structures and organizational practices including change management.
10 years of experience conducting security assessments and developing cyber security and online privacy policies standards and guidelines-preferably within the public or broader public sector.
Demonstrated experience applying privacy frameworks such as NIST Privacy Framework v1.1 and ISO/IEC 27701 is highly desirable.
Demonstrated experience in cyber/online safety analysis and the development of related policies and standards is highly desirable.
Experience with capability maturity models such as CMMI and CMMC is considered an asset.
Strong knowledge of applicable legislation including the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA); familiarity with the Education Act is desirable.
Awareness of IoT and Operational Technology (OT) security issues is considered an asset.
Communication Skills and Experience 20%
10 years of experience delivering presentations to senior leadership management teams and external stakeholders.
10 years of experience preparing professional documentation including security/privacy reports status updates recommendations and briefing notes for both technical and non-technical audiences.
Industry Certifications / Relevant Education 15%
Mandatory: One of the following security certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Desirable: Privacy certification such as Certified Information Privacy Professional (CIPP).
Other relevant certifications such as CISA or CASP are considered assets.
Public Sector Experience 5%
5 years of hands-on experience working in large public sector environments. Preferably experience working with the Ontario K-12 education sector.
5 years of experience applying Ontarios cybersecurity standards including the GO-ITS 25.x series (Ontario IT Standards).
Knowledge of Government of Ontario relevant legislation (e.g. EDSTA).
Description / Responsibilities / Skills
Project Description
The Cyber Resilience Strategy and Oversight Services (CRSOS) unit provides strategic vision leadership and support for the development and implementation of modernized I&IT solutions in the public education sector and associated stakeholders.
Responsibilities of the CRSOS unit include:
Developing vision and implementation strategy for evolving network technology platforms in the K-12 sector.
Working closely with stakeholder partners to assist in achieving sector and ministry strategic goals and objectives through innovative network and network security solutions.
Acquiring intelligence for the sector through developing and managing relationships with sector organizations and network/network security organizations such as telecommunications service providers and network technology and service providers.
Important Notes
The client may exercise its option(s) to extend the Statement of Work (SOW) beyond October 5 2027 provided that the Master Service Agreement is extended.
This procurement will include the option to extend the end date of the contract if there are unused effort days and no change to the ceiling amount if the need arises.
This contract will require the consultant to work up to 2 days per week in the office and the remaining days working remotely.
Responsibilities
The Senior Technology Architect role requires deep knowledge expertise and experience in cyber security frameworks and controls designed to mitigate the impact of evolving cyber threats.
The role also requires a strong understanding of online privacy and cyber safety particularly as it pertains to minors and the K 12 education sector.
In addition the resource must possess hands-on experience in mapping drafting developing and aligning cyber security models standards and technical and non-technical playbooks particularly within the K-12 education sector preferably in Ontario.
The resource is responsible for but not limited to:
Contributing to the development of a tailored cyber security framework for the K-12 education sector grounded in the NIST Cybersecurity Framework (CSF) v2 and CIS Controls v8 while incorporating relevant elements from other industry standards such as COBIT and ISO.
Developing and documenting standards and guidance resources for priority cyber security privacy protection and online safety controls specific to the K 12 education sector.
Providing hands-on subject matter expertise and implementation guidance and support to facilitate the adoption of cyber security frameworks standards and policies across school boards.
Ensuring alignment with modern governance risk and compliance (GRC) programs Security Operations (SecOps) practices leveraging next-generation solutions and practices such as automation artificial intelligence (AI) and machine learning (ML) to enhance threat detection and response capabilities.
Collaborating with government partners including departments in the Ministry of Education Ministry of Public and Business Service Delivery and Procurement including the Ontario Cyber Security Division to align with broader OPS and BPS cyber security priorities and ensure integration with related initiatives as may be underway at a corporate level.
Engaging with a diverse stakeholder audience through presentations and consultations to gather feedback and foster alignment.
Providing regular status updates and project reports on assigned deliverables.
Aligning with industry and legislative advancements at the federal provincial/local level (e.g. Enhancing Digital Security and Trust Act 2024 (EDSTA)).
Delivering on other duties as assigned.
This work involves working in close partnership with various government departments and the K-12 education sector. The resource may need to travel the same day or overnight in Ontario.
Job Title: Technology Architect (Standards) - Senior Location: Toronto Ontario Work Model: Hybrid Duration: 12 months Security Clearance: CRJMC Submission Deadline::00 p.m. EST Must Haves Cyber Security and Privacy 60% 10 years of experience mapping and adapting cyber security frameworks (...
Job Title: Technology Architect (Standards) - Senior Location: Toronto Ontario Work Model: Hybrid Duration: 12 months Security Clearance: CRJMC Submission Deadline::00 p.m. EST
Must Haves
Cyber Security and Privacy 60%
10 years of experience mapping and adapting cyber security frameworks (e.g. NIST CSF v2 CIS Controls v8 COBIT ISO/IEC 27001) for organizations of similar size and complexity to Ontario school boards.
10 years of experience integrating cyber security frameworks and controls into enterprise risk management governance structures and organizational practices including change management.
10 years of experience conducting security assessments and developing cyber security and online privacy policies standards and guidelines-preferably within the public or broader public sector.
Demonstrated experience applying privacy frameworks such as NIST Privacy Framework v1.1 and ISO/IEC 27701 is highly desirable.
Demonstrated experience in cyber/online safety analysis and the development of related policies and standards is highly desirable.
Experience with capability maturity models such as CMMI and CMMC is considered an asset.
Strong knowledge of applicable legislation including the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA); familiarity with the Education Act is desirable.
Awareness of IoT and Operational Technology (OT) security issues is considered an asset.
Communication Skills and Experience 20%
10 years of experience delivering presentations to senior leadership management teams and external stakeholders.
10 years of experience preparing professional documentation including security/privacy reports status updates recommendations and briefing notes for both technical and non-technical audiences.
Industry Certifications / Relevant Education 15%
Mandatory: One of the following security certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Desirable: Privacy certification such as Certified Information Privacy Professional (CIPP).
Other relevant certifications such as CISA or CASP are considered assets.
Public Sector Experience 5%
5 years of hands-on experience working in large public sector environments. Preferably experience working with the Ontario K-12 education sector.
5 years of experience applying Ontarios cybersecurity standards including the GO-ITS 25.x series (Ontario IT Standards).
Knowledge of Government of Ontario relevant legislation (e.g. EDSTA).
Description / Responsibilities / Skills
Project Description
The Cyber Resilience Strategy and Oversight Services (CRSOS) unit provides strategic vision leadership and support for the development and implementation of modernized I&IT solutions in the public education sector and associated stakeholders.
Responsibilities of the CRSOS unit include:
Developing vision and implementation strategy for evolving network technology platforms in the K-12 sector.
Working closely with stakeholder partners to assist in achieving sector and ministry strategic goals and objectives through innovative network and network security solutions.
Acquiring intelligence for the sector through developing and managing relationships with sector organizations and network/network security organizations such as telecommunications service providers and network technology and service providers.
Important Notes
The client may exercise its option(s) to extend the Statement of Work (SOW) beyond October 5 2027 provided that the Master Service Agreement is extended.
This procurement will include the option to extend the end date of the contract if there are unused effort days and no change to the ceiling amount if the need arises.
This contract will require the consultant to work up to 2 days per week in the office and the remaining days working remotely.
Responsibilities
The Senior Technology Architect role requires deep knowledge expertise and experience in cyber security frameworks and controls designed to mitigate the impact of evolving cyber threats.
The role also requires a strong understanding of online privacy and cyber safety particularly as it pertains to minors and the K 12 education sector.
In addition the resource must possess hands-on experience in mapping drafting developing and aligning cyber security models standards and technical and non-technical playbooks particularly within the K-12 education sector preferably in Ontario.
The resource is responsible for but not limited to:
Contributing to the development of a tailored cyber security framework for the K-12 education sector grounded in the NIST Cybersecurity Framework (CSF) v2 and CIS Controls v8 while incorporating relevant elements from other industry standards such as COBIT and ISO.
Developing and documenting standards and guidance resources for priority cyber security privacy protection and online safety controls specific to the K 12 education sector.
Providing hands-on subject matter expertise and implementation guidance and support to facilitate the adoption of cyber security frameworks standards and policies across school boards.
Ensuring alignment with modern governance risk and compliance (GRC) programs Security Operations (SecOps) practices leveraging next-generation solutions and practices such as automation artificial intelligence (AI) and machine learning (ML) to enhance threat detection and response capabilities.
Collaborating with government partners including departments in the Ministry of Education Ministry of Public and Business Service Delivery and Procurement including the Ontario Cyber Security Division to align with broader OPS and BPS cyber security priorities and ensure integration with related initiatives as may be underway at a corporate level.
Engaging with a diverse stakeholder audience through presentations and consultations to gather feedback and foster alignment.
Providing regular status updates and project reports on assigned deliverables.
Aligning with industry and legislative advancements at the federal provincial/local level (e.g. Enhancing Digital Security and Trust Act 2024 (EDSTA)).
Delivering on other duties as assigned.
This work involves working in close partnership with various government departments and the K-12 education sector. The resource may need to travel the same day or overnight in Ontario.