RQ09514 - Technology Architect - Senior

Assignment: RQ09514 - Technology Architect - Senior
Start Date:
End Date:
Office Location: Toronto Ontario
Organization: Community Services Cluster
Ministry: Ministry of Public and Business Service Delivery and Procurement# Business Days: 160.00
Extension # of Days: 115.00
Hybrid: 3 Days onsite / 2 days remote
Description
IMPORTANT NOTE:
The Statement of Work (SOW) through VOR (Tender-12075) shall expire on April 5 2026. The client will exercise its option(s) to extend the SOW beyond April 5 2026 for up to one (1) year. Such extension(s) will be allowable only if the Master Service Agreement is extended beyond April 5 2026 and be upon the same terms conditions and covenants contained in the SOW.
This procurement will include the option to extend the end date of the contract if there are unused effort days and no change to the ceiling amount if the need arises.
This contract will require the consultant to work up to 3 days per week in the office and the remaining days working remotely.
Travel Requirements - The resource must be available to travel the same day or overnight in Ontario as required. For this role travel to school board locations across the province will be required. Travel expenses will be reimbursed according to the Ontario Travel Meal and Hospitality Expenses Directive.
The Senior Technology Architect brings extensive expertise in cyber security and privacy controls to strengthen the cyber resilience of Ontario K 12 school boards. This role focuses on identifying vulnerabilities cyber posture maturity gaps guiding remediation and enhancing protection for school boards digital environments. The architect leads assessments develops tailored action plans and provides hands-on implementation guidance and support to improve the risk posture of school boards.
This resource is responsible for but not limited to:
Lead and conduct comprehensive cyber security and privacy assessments across Ontario K 12 school boards including:

• Threat Risk Assessments (TRA) and Cyber Security Risk Assessments
• Privacy Impact Assessments (PIA)
• Develop improvement recommendations and tailored board-specific actionable remediation plans to address identified gaps mitigate risks and improve overall cyber resilience of K-12 school boards

Provide hands-on practical subject matter expertise and implementation guidance and support to enhance school board cyber protection capabilities including:

• Strengthening existing cyber security controls
• Identifying selecting and implementing new cyber security controls
• Enhancing privacy safeguards with a focus on minors as a priority
• Complying with any applicable legislation current and upcoming
• Aligning with sector-specific standards and best practices
• Right-sizing recommendations and solutions to the K-12 education sector
• Support the development and operationalization of cyber security controls policies and playbooks tailored to the K 12 education environment.
• Advise on findings root cause analysis and mitigation strategies following security or privacy incidents ensuring lessons learned are translated into improved practices.
• Produce and maintain risk logs remediation plans and technical documentation to support transparency accountability and continuous improvement.
• Collaborate with ministry school board and sector third-party cyber security personnel to share knowledge assist with upskilling IT teams and guide implementation of recommended controls.
• Engage with internal and external stakeholders including school board lead ership IT teams and government partners to ensure alignment with broader cyber security initiatives and legislative requirements (e.g. Bill 194 / Enhancing Digital Security and Trust Act 2024 (EDSTA)).
• Deliver presentations briefings and consultation sessions to communicate findings recommendations and progress updates.
• Monitor and report on project deliverables providing regular status updates and ensuring timely completion of assigned tasks.
• Stay current with evolving cyber threats privacy regulations and sector-specific risks and incorporate this knowledge into engagements and recommendations.
• Manage and deliver multiple concurrent cyber security engagements across diverse school board environments prioritizing and maintaining high-quality deliverables under tight timelines.
• Delivering on other duties as assigned.
• This work involves working in close partnership with various government departments the K-12 education sector telecommunications providers and network and cyber security technology vendors to develop tailored approaches and implementation plans. To support various stakeholders the resource must be available to perform hands-on configuration troubleshooting and training at the client site. Therefore the resource must be available to travel same day or overnight in Ontario as needed.
• The unit manager may assign other related board work for other unit or branch initiatives as required.

Skills
Experience and Skill Set Requirements
TOTAL OF 100%
NOTE:

Cyber Security and Privacy 55%
10 years experience with cyber security processes and regulations and standards preferably for the public sector or broader public sector.
10 years experience with cyber security and privacy audits and assessments including:

• Threat risk assessments
• Cyber security assessments
• Assessments of cyber security governance risk and compliance (GRC) programs
• Privacy impact assessments
• 10 years experience evaluating technical and administrative controls producing cyber security and privacy findings and risk logs/reports and preparing remediation plans preferably for the public sector or broader public sector.
• Experience using maturity models (e.g. CMMI NIST-based proprietary models) to evaluate cyber security capabilities.
• 10 years experience applying cyber security industry frameworks such as NIST Cyber Security Framework (CSF) v1.1/v2.0 CIS Controls v8 COBIT and ISO 27001
• Experience working with the new NIST CSF v2.0
• 10 years of demonstrated experience applying privacy frameworks such as the NIST Privacy Framework ISO/IEC 27701.
• Excellent knowledge and exposure to Internet of Things (IoT) security issues.
• Excellent knowledge of Ontario federal and international privacy laws applicable to the Ontario K-12 sector (such as Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) Canadian Privacy Act General Data Protection Regulation (GDPR) etc.).
• Knowledge of Bill 194 and EDSTA 2024.

Communication Skills and Experience 25%
Strong communication skills as demonstrated through:

• 10 years experience in presenting technical concepts to executives management teams and diverse stakeholder audiences
• 10 years experience in preparing written materials (e.g. security and privacy reports status reports recommendations briefing notes) and translating technical findings into clear actionable reports.

Industry Certifications / Relevant Degrees 15%

• Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)).
• Privacy certification is preferred (Certified Information Privacy Technologist (CIPT) Certified Information Privacy Manager (CIPM) or Certified Information Privacy Professional (CIPP)).

Public Sector Experience 5%

• 5 years of hands-on experience working in large public sector environments. Preferably experience working with the Ontario K-12 education sector.
• Applied experience with Ontarios cyber security standards. The security standards (GO-ITS 25.X) can be found on the Government of Ontario information technology standards website:
• Knowledge of Government of Ontario relevant legislation (e.g. Bill 194 / EDSTA).