Senior Technology Architect

• Performing cyber security and privacy assessments to identify vulnerable areas of the K-12 school boards including:
• Threat risk assessments
• Cyber security and risk assessments
• Privacy impact assessments
• Developing school board-specific, prioritized action and remediation plans to support K-12 school boards in improving their cyber resilience and risk posture.
• Providing hands-on subject matter expertise and implementation guidance to support enhancements of cyber protection for K-12 school board networks, including improvements recommendations in:
• Cyber security
• Privacy protection for minors
• Providing subject matter expertise and advice in improving cyber protection processes, including supporting the development of cyber security standards for K-12 school boards.
• Providing guidance for mitigation strategies following root cause analysis of security or privacy breaches in the K-12 school board networks.
• Providing subject matter expertise, guidance and support to K-12 school boards cyber security personnel by producing risk logs, and proposing remediation actions.
• Presenting to various stakeholders, as needed.
• Delivering on other duties as assigned.
• Providing status and project status reports on all other deliverables assigned.
• This work involves working in close partnership with the K-12 education sector.
• The manager may assign school board-related work for other initiatives, as required.

• 10+ years’ experience with cyber security processes and regulations, and standards, preferably for the public sector or broader public sector
• 10+ years’ experience with cyber security and privacy audits and assessments including:
• Threat risk assessments
• Cyber security assessments
• Privacy impact assessments
• 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
• 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1/v2.0, COBIT, CIS Controls v8 and ISO 27001
• 10+ years of demonstrated experience applying privacy frameworks such as the NIST Privacy Framework, ISO/IEC 27701
• Excellent knowledge and exposure to Internet of Things (IoT) security issues
• Excellent knowledge of Ontario, federal and international privacy laws applicable to the Ontario K-12 sector (such as Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Canadian Privacy Act, General Data Protection Regulation (GDPR) etc.)

• Strong communication skills as demonstrated through:
• 10+ years’ experience in effectively presenting to management teams and external stakeholders
• 10+ years’ experience in preparing written materials (e.g., security and privacy reports, status reports, recommendations, briefing notes)

• Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))
• Privacy certification is preferred (Certified Information Privacy Professional (CIPP))

• 5+ years’ hands-on experience working with Ontario’s public sector or Ontario’s broader public sector
• Applied experience with Ontario’s cyber security standards. The security standards (GO-ITS 25.X) can be found on the Government of Ontario information technology standards website:

• 10+ years’ experience with cyber security and privacy audits and assessments including:
• Threat risk assessments
• Cyber security assessments
• 10+ years’ experience producing cyber security and privacy risk logs and preparing risk remediation plans, preferably for the public sector or broader public sector
• 10+ years’ experience applying cyber security industry frameworks such as NIST CSF v1.1/v2.0, COBIT, CIS Controls v8 and ISO 27001

• 10+ years’ experience in preparing written materials (e.g., security and privacy reports, status reports, recommendations, briefing notes)

• Security certification is mandatory (Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM))

LanceSoft