Description:
The Senior Technology Architect role requires
deep knowledge, expertise, and experience in cyber security frameworks and
controls designed to mitigate the impact of evolving cyber threats. The role
also requires a strong understanding of online privacy and cyber safety,
particularly as it pertains to minors and the K–12 education sector. In
addition, the resource must possess hands-on experience in mapping,
drafting, developing, and aligning cyber security models, standards,
and technical and non-technical playbooks, particularly within the K-12
education sector, preferably in Ontario. Establishing a common and tailored
framework, set of standards, and policies to K-12 will provide a consistent,
unified approach to cyber security and cyber resilience in the sector and
across all school boards, enabling opportunities for collaboration and shared
approaches to demonstrating assurance, compliance, and defending against cyber
threats to the K–12 sector.
This resource is responsible for, but not limited to:
- Contributing
to the development of a tailored cyber security framework for the
K-12 education sector grounded in the NIST Cybersecurity
Framework (CSF) v2 and CIS Controls v8, while incorporating relevant
elements from other industry standards such as COBIT and ISO.
- Developing
and documenting standards and guidance resources for
priority cyber security, privacy protection, and online safety controls
specific to the K–12 education sector.
- Providing
hands-on subject matter expertise and implementation guidance and support
to facilitate the adoption of cyber security frameworks,
standards, and policies across school boards.
- Ensuring
alignment with modern governance, risk and compliance (GRC)
programs, Security Operations (SecOps) practices, leveraging
next-generation solutions and practices such as automation, artificial
intelligence (AI), and machine learning (ML) to enhance threat detection
and response capabilities.
- Collaborating
with government partners, including departments in the Ministry
of Education, Ministry of Public and Business Service Delivery and
Procurement, including the Ontario Cyber Security Division, to align with
broader OPS and BPS cyber security priorities and ensure integration with
related initiatives as may be underway at a corporate level.
- Engaging
with a diverse stakeholder audience through presentations and
consultations to gather feedback and foster alignment.
- Providing
regular status updates and project reports on
assigned deliverables
- Aligning
with industry and legislative advancements at the
federal, provincial/local level (e.g., Enhancing Digital Security
and Trust Act, 2024 (EDSTA)).
- Delivering
on other duties as assigned.
This work involves working in close partnership with various
government departments and the K-12 education sector. The resource may need to
travel the same day or overnight in Ontario.
The unit manager may assign other related board work for other
unit or branch initiatives, as required.
Requirements
Experience and Skill Set Requirements:
Must Haves:
- 10+
years of experience mapping and adapting cyber security frameworks (e.g.,
NIST CSF v2, CIS Controls v8, COBIT, ISO/IEC 27001) for organizations of
similar size and complexity to Ontario school boards.
- 10+
years of experience integrating cyber security frameworks and controls
into enterprise risk management, governance structures, and organizational
practices, including change management.
- 10+
years of experience conducting security assessments and developing cyber
security and online privacy policies, standards, and guidelines—preferably
within the public or broader public sector.
- 10+
years of experience delivering presentations to senior leadership,
management teams, and external stakeholders.
- 10+
years of experience preparing professional documentation, including
security/privacy reports, status updates, recommendations, and briefing
notes for both technical and non-technical audiences.
- Mandatory:
One of the following security certifications:
- Certified
Information Systems Security Professional (CISSP)
- Certified
Information Security Manager (CISM)
Nice to have:
- Demonstrated
experience applying privacy frameworks such as NIST Privacy Framework v1.1
and ISO/IEC 27701 is highly desirable.
- Desirable:
Privacy certification such as Certified Information Privacy Professional
(CIPP).
- 5+
years of hands-on experience working in large public sector environments.
Preferably experience working with the Ontario K-12 education sector.
Skill Set Requirements:
Cyber Security
and Privacy:
- 10+ years of experience mapping and
adapting cyber security frameworks (e.g., NIST CSF v2, CIS Controls v8,
COBIT, ISO/IEC 27001) for organizations of similar size and complexity to
Ontario school boards.
- 10+ years of experience integrating
cyber security frameworks and controls into enterprise risk management,
governance structures, and organizational practices, including change
management.
- 10+ years of experience conducting
security assessments and developing cyber security and online privacy
policies, standards, and guidelines—preferably within the public or
broader public sector.
- Demonstrated experience applying
privacy frameworks such as NIST Privacy Framework v1.1 and ISO/IEC 27701
is highly desirable.
- Demonstrated experience in cyber/online
safety analysis and the development of related policies and standards is
highly desirable.
- Experience with capability maturity
models such as CMMI and CMMC is considered an asset.
- Strong knowledge of applicable
legislation, including the Municipal Freedom of Information and Protection
of Privacy Act (MFIPPA); familiarity with the Education Act is desirable.
- Awareness of IoT and Operational
Technology (OT) security issues is considered an asset.
Communication
Skills and Experience:
- 10+ years of experience delivering
presentations to senior leadership, management teams, and external
stakeholders.
- 10+ years of experience preparing
professional documentation, including security/privacy reports, status
updates, recommendations, and briefing notes for both technical and
non-technical audiences.
Industry
Certifications / Relevant Education:
- Mandatory: One of the following
security certifications:
- Certified Information Systems Security
Professional (CISSP)
- Certified Information Security Manager
(CISM)
- Desirable: Privacy certification such
as Certified Information Privacy Professional (CIPP).
- Other relevant certifications such as
CISA or CASP+ are considered assets.
Public Sector
Experience:
- 5+ years of hands-on experience working
in large public sector environments. Preferably experience working with
the Ontario K-12 education sector.
- 5+ years of experience applying
Ontario’s cybersecurity standards, including the GO-ITS 25.x series
(Ontario IT Standards).
- Knowledge of Government of Ontario
relevant legislation (e.g., EDSTA).
Skills Required
- 10+ years mapping and adapting cybersecurity frameworks (NIST CSF, CIS Controls, COBIT, ISO/IEC 27001)
- 10+ years integrating cybersecurity frameworks into enterprise risk management, governance, and change management
- 10+ years conducting security assessments and developing cybersecurity and online privacy policies, standards, and guidelines
- 10+ years delivering presentations to senior leadership, management, and external stakeholders
- 10+ years preparing professional documentation, security/privacy reports, status updates, recommendations, and briefing notes
- Mandatory security certification: CISSP or CISM
- 5+ years hands-on experience working in large public sector environments
- 5+ years applying Ontario cybersecurity standards, including GO-ITS 25.x
- Knowledge of Government of Ontario legislation relevant to cybersecurity (e.g., EDSTA)
- Experience aligning GRC and Security Operations practices and leveraging automation, AI/ML for detection and response
- Demonstrated experience applying privacy frameworks such as NIST Privacy Framework v1.1 and ISO/IEC 27701
- Privacy certification such as CIPP
- Other relevant certifications (CISA, CASP+)
- Experience working specifically with the Ontario K-12 education sector
- Familiarity with the Education Act
- Awareness of IoT and Operational Technology (OT) security issues
What We Do
Maarut Inc. is a Canadian company specializing in IT services, technology staffing, and software development, dedicated to assisting businesses with digital transformation and solving business challenges through technology.








