Description:
The Senior Technology Architect brings extensive expertise in
cyber security and privacy controls to strengthen the cyber resilience of
Ontario K–12 school boards. This role focuses on identifying
vulnerabilities, cyber posture maturity gaps, guiding remediation, and
enhancing protection for school boards’ digital environments. The
architect leads assessments, develops tailored action plans,
and provides hands-on implementation guidance and support to
improve the risk posture of school boards.
This resource is responsible for, but not limited to:
- Leading
and conducting comprehensive cyber security and privacy assessments across
Ontario K–12 school boards, including Threat Risk Assessments (TRA) and
Cyber Security Risk Assessments
- Preparing
detailed assessment reports and present findings, risk insights, and
remediation plans to school board leadership and stakeholders.
- Developing
board-specific actionable remediation plans to address identified gaps,
mitigate risks and improve overall cyber resilience of K-12 school boards
individually and sector-wide
- Providing
hands-on practical subject matter expertise and implementation guidance
and support to enhance school board cyber protection capabilities,
including:
- Strengthening
existing cyber security controls
- Identifying,
selecting, and implementing new cyber security controls
- Enhancing
privacy safeguards with a focus on minors as a priority
- Complying
with any applicable legislation, current and upcoming
- Aligning
with sector-specific standards and best practices
- Right-sizing
recommendations and solutions to the K-12 education sector
- Supporting
school boards in completing cyber security assessments by providing
guidance, clarifications, and tailored assistance.
- Reviewing
and validating submitted assessment responses; track progress, identify
issues, and conduct follow-ups to support remediation.
- Contributing
to the development, validation, and enhancement of sector tools and
frameworks (Cybersecurity and Privacy Assessment Tool (CPAT) and other
self-assessment tools, user guides, and reporting outputs).
- Maintaining
risk logs, remediation plans, and technical documentation to support
transparency and continuous improvement.
- Collaborating
with ministry, school board and sector third-party cyber security
personnel to share knowledge, assist with upskilling IT teams and guide
implementation of recommended controls.
- Advising
on findings, root cause analysis and mitigation strategies following
security or privacy incidents, ensuring lessons learned are translated
into improved practices.
- Supporting
the development and operationalization of cyber security controls,
policies, and playbooks tailored to the K–12 education environment.
- Engaging
with internal and external stakeholders, including school board
leadership, IT teams, and government partners, to ensure alignment with
broader cyber security initiatives and legislative requirements (e.g.,
EDSTA).
- Delivering
presentations, briefings, and consultation sessions to communicate
findings, recommendations, and progress updates.
- Monitoring
and reporting on project deliverables, providing regular status updates
and ensuring timely completion of assigned tasks.
- Staying
up to date with evolving cyber threats, privacy regulations, and
sector-specific risks, and incorporate this knowledge into engagements and
recommendations.
- Managing
and delivering multiple concurrent cyber security engagements across
diverse school board environments, prioritizing, and maintaining
high-quality deliverables under tight timelines.
- Delivering
on other duties as assigned.
This work involves working in close partnership with various
government departments, the K-12 education sector, telecommunications
providers, and network and cyber security technology vendors to develop
tailored approaches and implementation plans. To support various stakeholders,
the resource must be available to perform hands-on configuration,
troubleshooting and training at the client site. Therefore, the resource must
be available to travel same day or overnight in Ontario, as needed.
The unit manager may assign other related board work for other
unit or branch initiatives, as required.
Requirements
Experience and Skill Set Requirements:
Must Haves:
- 10+
years of experience in cyber security programs, frameworks, standards, and
regulatory compliance, preferably within the public or broader public
sector.
- 10+
years of experience conducting cyber security assessments, including:
- 10+
years of experience evaluating technical and administrative controls;
developing findings, risk logs, and reports; and preparing actionable,
risk-based remediation plans.
- Experience
applying maturity models (e.g., NIST-based models, CMMI, or equivalent) to
assess cyber security capabilities
- 10+
years of experience applying industry-standard cyber security frameworks,
including:
- NIST
Cybersecurity Framework (CSF) v1.1 and v2.0
- CIS
Critical Security Controls v8
- ISO/IEC
27001
- 10+
years of experience preparing clear, structured written deliverables,
including:
- Cyber
security and privacy assessment reports
- Remediation
plans and recommendations
Nice to have:
- Demonstrated experience working with NIST CSF v2.0 is
preferred
- 10+ years of experience presenting complex technical
concepts, assessment findings, and risk insights to executive leadership,
management teams, and diverse stakeholders.
- One or more recognized cyber security certifications
- Privacy certifications
- Knowledge of Government of Ontario standards, policies, and
directives (e.g., GO-ITS, EDSTA).
Skill Set Requirements:
Cyber Security
and Privacy:
- 10+ years of experience in cyber
security programs, frameworks, standards, and regulatory compliance,
preferably within the public or broader public sector.
- 10+ years of experience conducting
cyber security assessments, including:
- Threat Risk Assessments (TRAs)
- Cyber Security Risk Assessments
- Cyber security GRC program assessments
- 10+ years of experience evaluating
technical and administrative controls; developing findings, risk logs, and
reports; and preparing actionable, risk-based remediation plans.
- Experience applying maturity models
(e.g., NIST-based models, CMMI, or equivalent) to assess cyber security
capabilities
- Advanced experience in data analytics
and statistical analysis to analyze raw data and compilate meaningful
insights and visuals
- 10+ years of experience applying
industry-standard cyber security frameworks, including:
- NIST Cybersecurity Framework (CSF)
v1.1 and v2.0
- CIS Critical Security Controls v8
- ISO/IEC 27001
- COBIT
- Demonstrated experience working with
NIST CSF v2.0 is preferred
- 10+ years of experience applying
privacy frameworks such as:
- NIST Privacy Framework
- ISO/IEC 27701
- Strong knowledge of privacy and cyber
security considerations related to Internet of Things (IoT) environments.
- Strong knowledge of privacy and cyber
security considerations related to the use of Large Language Models (LLMs)
and Artificial Intelligence (AI tools).
- Strong knowledge of applicable privacy
legislation and regulatory requirements, including:
- Municipal Freedom of Information and
Protection of Privacy Act (MFIPPA)
- Canadian Privacy Act
- General Data Protection Regulation
(GDPR)
- Enhancing Digital Security and Trust
Act, 2024 (EDSTA)
Communication
Skills and Experience:
- 10+ years of experience presenting
complex technical concepts, assessment findings, and risk insights to
executive leadership, management teams, and diverse stakeholders.
- 10+ years of experience preparing
clear, structured written deliverables, including:
- Cyber security and privacy assessment
reports
- Remediation plans and recommendations
- Status reports and briefing materials
- Demonstrated ability to translate
technical findings into clear, actionable insights tailored to
non-technical audiences.
Industry
Certifications / Relevant Degrees:
- One or more recognized cyber security
certifications:
- Certified Information Systems Security
Professional (CISSP)
- Certified Information Security Manager
(CISM)
- Privacy certifications such as:
- Certified Information Privacy
Professional (CIPP)
- Certified Information Privacy Manager
(CIPM)
- Certified Information Privacy
Technologist (CIPT)
- Post-secondary education in information
security, computer science, information systems, or a related discipline
is preferred.
Public Sector
Experience:
- Knowledge of Government of Ontario
standards, policies, and directives (e.g., GO-ITS, EDSTA).
- Minimum 5+ years of experience working
within the K–12 education sector, preferably with Ontario school boards.
- Experience supporting or assessing
school board environments, including network infrastructure, network
security, and cyber security controls.
Skills Required
- 10+ years of experience in cyber security programs, frameworks, standards, and regulatory compliance
- 10+ years conducting cyber security assessments, including Threat Risk Assessments (TRA) and Cyber Security Risk Assessments
- 10+ years evaluating technical and administrative controls; developing findings, risk logs, and actionable remediation plans
- Experience applying maturity models (e.g., NIST-based models, CMMI) to assess cyber security capabilities
- 10+ years applying industry-standard frameworks: NIST CSF v1.1/v2.0, CIS Controls v8, ISO/IEC 27001, and COBIT
- 10+ years applying privacy frameworks such as NIST Privacy Framework and ISO/IEC 27701
- Strong knowledge of privacy and cyber security considerations for IoT environments and Large Language Models (LLMs)/AI tools
- Minimum 5+ years working within the K-12 education sector (preferably with Ontario school boards); experience assessing school board networks and controls
- Experience preparing clear structured written deliverables: assessment reports, remediation plans, status reports and briefings
- One or more recognized cyber security certifications (CISSP, CISM) and/or privacy certifications (CIPP, CIPM, CIPT)
- Post-secondary education in information security, computer science, information systems, or related discipline
What We Do
Maarut Inc. is a Canadian company specializing in IT services, technology staffing, and software development, dedicated to assisting businesses with digital transformation and solving business challenges through technology.
.jpg)








