RQ07641 - Technology Architect - Senior

Deliverables :

TheSenior Technology Architect role requires extensive knowledge andexperience with cyber security frameworks and controls to reducethe impact of evolving cyber threats in the education sectorpreferably the Ontario K12 school board environment.

Knowledge andexperience with online privacy and cyber safety as it applies tominors and K12 is also highly desirable.

Common framework standards andpolicy(ies) provide a consistent common mapping for all which willin turn provide a common means to demonstrate assurance / complianceand ability to defend against current and future cyber threats toK12.

The Senior Technology Architectresource is responsible for but not limited to :

• Contributingto a tailored cyber security framework that is based primarily onNIST Cybersecurity Framework (CSF) v2 and CIS Controls v8 withconsiderations from other industry frameworks and standards such asCOBIT ISO etc.
• Developingstandards for priority cyber security privacy protection and onlinesafety controls applicable to K12 including documentedguidance.
• Providinghandson subject matter expertise and guidance to support adoptionof framework standards and policy(ies).
• Ensuringalignment with modern security operation (SecOps) practicesleveraging automation artificial intelligence and machinelearning.
• Collaboratingwith other parts of the government (e.g. Ontario Cyber SecurityDivision) to consider linkages with OPS and BPS cyber securitypriorities and standards and alignment with other workstreams ofthe cyber protection strategy such as cyber security and privacyassessments to identify linkages and interconnections andfacilitate alignment.
• Presentingto various stakeholders to seek feedback as needed.
• Deliveringon other duties as assigned.
• Providingprogress and project status reports on all deliverables assigned.
• This workinvolves working in close partnership with various governmentdepartments and the K12 education sector. The resource may need totravel the same day or overnight in Ontario.
• The unitmanager may assign other related board work for other unit orbranch initiatives asrequired.

Requirements

Experienceand Skill SetRequirements :

MustHaves :

• 5years experience mapping and adapting cyber security frameworkssuch as NIST Cybersecurity Framework v2 CIS Controls v8 COBIT andISO 27001 for adoption by an organization comparable in size andcomplexity to a schoolboard.
• 5years experience integrating and implementing cyber securityframeworks and cyber security controls into an organization senterprise risk management practice governance and overallorganization including associated change managementpractices.
• Experiencewith the adoption of capability maturity models such as CapabilityMaturity Model Integration (CMMI) and Cybersecurity Maturity ModelCertification (CMMC) isdesirable.
• Securitycertification is mandatory (CISSP orCISM).

Nicetohaves :

5years handson experience working with large public sectorenvironments preferably with K12 schoolboards

Skill SetRequirements :

CyberSecurity andPrivacy :

• 5years experience mapping and adapting cyber security frameworkssuch as NIST Cybersecurity Framework (CSF) v2 CIS Controls v8 COBITand ISO 27001 for adoption by an organization comparable in sizeand complexity to a school board.
• 5 yearsexperience integrating and implementing cyber security frameworksand cyber security controls into an organization s enterprise riskmanagement practice governance and overall organization includingassociated change management practices.
• 5 yearsexperience performing security analysis developing and implementingcyber security and online privacy policies standards and guidelinespreferably for the public sector or broader public sector.
• Demonstratedexperience applying privacy frameworks such as the NIST PrivacyFramework v1.1 and ISO / IEC 27701 is highly desirable.
• Demonstratedexperience performing cyber / online safety analysis developing andimplementing cyber safety policies standards and guidelines ishighly desirable.
• Experiencewith the adoption of capability maturity models such as CapabilityMaturity Model Integration (CMMI) and Cybersecurity Maturity ModelCertification (CMMC) is desirable.
• Excellentknowledge of applicable legislation such as Municipal Freedom ofInformation and Protection of Privacy Act (MFIPPA).

Knowledge ofthe Education Act is desirable.

Excellentknowledge and exposure to Internet of Things (IoT) or OperationalTechnology (OT) security issues is desirable.

Communication Skills andExperience :

Strongcommunication skills as demonstrated through :

• 10 yearsexperience in effectively presenting to senior management andmanagement teams and externalstakeholders.
• 10years experience in preparing written materials (e.g. security andprivacy reports status reports recommendations briefing notes) forpractitioners and management levels.

Industry Certifications / RelevantDegrees :

• Securitycertification is mandatory (Certified Information Systems SecurityProfessional (CISSP) or Certified Information Security Manager(CISM)).
• Privacycertification (Certified Information Privacy Professional (CIPP))is desirable.
• Othercertifications CISA CASP

Public SectorExperience :

• 5 yearshandson experience working with large public sector environmentspreferably with K12 school boards.
• 5 yearsapplying Ontario s cyber security standards. The security standards(GOITS 25.X) can be found on the Government of Ontario informationtechnology standards website :

Experience and Skill Set Requirements : Must Haves : 5+ yearsexperience mapping and adapting cyber security frameworks such asNIST Cybersecurity Framework v2, CIS Controls v8, COBIT and ISO27001 for adoption by an organization comparable in size andcomplexity to a school board.

5+ years experience integrating andimplementing cyber security frameworks, and cyber security controlsinto an organization s enterprise risk management practice,governance and overall organization including associated changemanagement practices.

Experience with the adoption of capabilitymaturity models such as Capability Maturity Model Integration(CMMI) and Cybersecurity Maturity Model Certification (CMMC) isdesirable.

Security certification is mandatory (CISSP or CISM).Nice-to-haves : 5+ years hands-on experience working with largepublic sector environments, preferably with K-12 school boardsSkill Set Requirements : Cyber Security and Privacy : 5+ yearsexperience mapping and adapting cyber security frameworks such asNIST Cybersecurity Framework (CSF) v2, CIS Controls v8, COBIT andISO 27001 for adoption by an organization comparable in size andcomplexity to a school board.

5+ years experience integrating andimplementing cyber security frameworks, and cyber security controlsinto an organization s enterprise risk management practice,governance and overall organization including associated changemanagement practices.

5+ years experience performing securityanalysis, developing and implementing cyber security and onlineprivacy policies, standards and guidelines, preferably for thepublic sector or broader public sector.

Demonstrated experienceapplying privacy frameworks such as the NIST Privacy Framework v1.1and ISO / IEC 27701 is highly desirable.

Demonstrated experienceperforming cyber / online safety analysis, developing andimplementing cyber safety policies, standards and guidelines ishighly desirable.

Experience with the adoption of capabilitymaturity models such as Capability Maturity Model Integration(CMMI) and Cybersecurity Maturity Model Certification (CMMC) isdesirable.

Excellent knowledge of applicable legislation such asMunicipal Freedom of Information and Protection of Privacy Act(MFIPPA).

Knowledge of the Education Act is desirable. Excellentknowledge and exposure to Internet of Things (IoT) or OperationalTechnology (OT) security issues is desirable.

Communication Skillsand Experience : Strong communication skills as demonstratedthrough : 10+ years experience in effectively presenting to seniormanagement and management teams and external stakeholders.

10+years experience in preparing written materials (e.g., security andprivacy reports, status reports, recommendations, briefing notes)for practitioners and management levels.

Industry Certifications / Relevant Degrees : Security certification is mandatory (CertifiedInformation Systems Security Professional (CISSP) or CertifiedInformation Security Manager (CISM)).

Privacy certification(Certified Information Privacy Professional (CIPP)) is desirable.Other certifications CISA, CASP+ Public Sector Experience : 5+ yearshands-on experience working with large public sector environments,preferably with K-12 school boards.

5+ years applying Ontario scyber security standards. The security standards (GO-ITS 25.X) canbe found on the Government of Ontario information technologystandards website :