CPS Senior Technology Architect

Note: Hybrid Candidate must be able to work 3 days onsite and 2 days remote.

MUST HAVES:

• Cyber Security and Privacy
  • 10 years experience with cyber security and privacy audits and assessments including:
    • Threat risk assessments
    • Cyber security assessments
  • 10 years experience producing cyber security and privacy risk logs and preparing risk remediation plans preferably for the public sector or broader public sector
  • 10 years experience applying cyber security industry frameworks such as NIST CSF v1.1/v2.0 COBIT CIS Controls v8 and ISO 27001
• Communication Skills and Experience
  • 10 years experience in preparing written materials (e.g. security and privacy reports status reports recommendations briefing notes)
• Industry Certifications / Relevant Degrees
  • Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))

Nicetohave: Cyber Security and Privacy Privacy impact assessments

Description

**IMPORTANT NOTE: *This procurement will include the option to extend the end date of the contract if there are unused effort days and no change to the ceiling amount if the need arises.

The Senior Technology Architect role requires extensive knowledge and experience with both cyber security and privacy controls to reduce the impact of evolving cyber threats in the Ontario K12 school board environment. This resource is responsible for but not limited to:

• Performing cyber security and privacy assessments to identify vulnerable areas of the K12 school boards including:
  • Threat risk assessments
  • Cyber security and risk assessments
  • Privacy impact assessments
• Developing school boardspecific prioritized action and remediation plans to support K12 school boards in improving their cyber resilience and risk posture.
• Providing handson subject matter expertise and implementation guidance to support enhancements of cyber protection for K12 school board networks including improvements recommendations in:
  • Cyber security
  • Privacy protection for minors
• Providing subject matter expertise and advice in improving cyber protection processes including supporting the development of cyber security standards for K12 school boards.
• Providing guidance for mitigation strategies following root cause analysis of security or privacy breaches in the K12 school board networks.
• Providing subject matter expertise guidance and support to K12 school boards cyber security personnel by producing risk logs and proposing remediation actions.
• Presenting to various stakeholders as needed.
• Delivering on other duties as assigned.
• Providing status and project status reports on all other deliverables assigned.
• This work involves working in close partnership with the K12 education sector.
• The manager may assign school boardrelated work for other initiatives as required.

Experience and Skill Set Requirements TOTAL OF 100%

Cyber Security and Privacy 55%

• 10 years experience with cyber security processes and regulations and standards preferably for the public sector or broader public sector
• 10 years experience with cyber security and privacy audits and assessments including:
  • Threat risk assessments
  • Cyber security assessments
  • Privacy impact assessments
• 10 years experience producing cyber security and privacy risk logs and preparing risk remediation plans preferably for the public sector or broader public sector
• 10 years experience applying cyber security industry frameworks such as NIST CSF v1.1/v2.0 COBIT CIS Controls v8 and ISO 27001
• 10 years of demonstrated experience applying privacy frameworks such as the NIST Privacy Framework ISO/IEC 27701
• Excellent knowledge and exposure to Internet of Things (IoT) security issues
• Excellent knowledge of Ontario federal and international privacy laws applicable to the Ontario K12 sector (such as Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) Canadian Privacy Act General Data Protection Regulation (GDPR) etc.)

Communication Skills and Experience 25%

• Strong communication skills as demonstrated through:
• 10 years experience in effectively presenting to management teams and external stakeholders
• 10 years experience in preparing written materials (e.g. security and privacy reports status reports recommendations briefing notes)

Industry Certifications / Relevant Degrees 15%

• Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
• Privacy certification is preferred (Certified Information Privacy Professional (CIPP))

Public Sector Experience 5%

• 5 years handson experience working with Ontarios public sector or Ontarios broader public sector
• Applied experience with Ontarios cyber security standards. The security standards (GOITS 25.X) can be found on the Government of Ontario information technology standards website: