About the Program
The Cyber Resilience Strategy and Oversight Services (CRSOS) unit provides strategic vision, leadership, and support for the development and implementation of modernized I&IT solutions across Ontario's K–12 public education sector. We are building a team of Senior Technology Architects to support this multi-year cyber resilience initiative across seven specialized tracks. Candidates will be matched to the track(s) that best align with their background.
Specialization Tracks
Track 1 — Architecture & Strategy
Leading enterprise-wide technical integration strategy and reference architecture design across cloud, network, identity, and security operations domains. Requires strategic advisory experience with senior/executive leadership and hands-on design of Zero Trust, SASE/SSE, and multi-domain security architectures.
Track 2 — Cyber Security & Privacy Assessments
Leading Threat Risk Assessments (TRAs), cyber security risk assessments, and GRC program assessments. Requires deep experience evaluating technical/administrative controls, developing risk-based remediation plans, and applying privacy frameworks and legislation.
Track 3 — Standards & Governance
Mapping and adapting cyber security frameworks into governance structures, and developing cyber security, privacy, and online safety policies/standards tailored to the K–12 environment.
Track 4 — Security Operations (SecOps)
Managing and optimizing SIEM/SOAR/EDR/XDR platforms, leading detection engineering, incident response, and MSSP onboarding/transition in hybrid security operations models.
Track 5 — AI-Enabled Security Operations (AIOps)
Combining cyber/network security architecture with AI-driven security capabilities — LLMs, RAG, AI agents, AI governance, and integration of AI platforms into SecOps tooling.
Track 6 — Operational Resilience & Program Coordination
Coordinating technology modernization workplans, MSS/MSSP onboarding, incident response processes, and vulnerability management (CVEM) programs across multiple school boards.
Track 7 — Network Security & Technology
Leading reference architecture development for network infrastructure and network security, with deep hands-on expertise in SDN/SD-WAN platforms, network protocols, and performance/traffic analysis.
Core Responsibilities
- Lead technical integration strategy, solution design, and reference architecture development for cyber security and/or network technology domains
- Conduct or oversee cyber security and privacy assessments, including TRAs and GRC program evaluations
- Develop, document, and maintain cyber security, privacy, and online safety standards, policies, and playbooks
- Design and implement hybrid security operating models integrating internal teams and Managed Security Service Providers (MSSPs)
- Manage and optimize SecOps platforms (SIEM, SOAR, EDR/XDR, CASB) and lead detection engineering and incident response
- Develop and implement AI-enabled security capabilities, including automation, AI agents, LLMs, and RAG-based tools
- Lead network reference architecture development, including SDN/SD-WAN design, evaluation, and implementation
- Coordinate technology modernization workplans, MSSP onboarding, and vulnerability management programs across multiple school boards
- Prepare and deliver technical and executive-level documentation, roadmaps, and briefing materials
- Present findings, risk insights, and strategic recommendations to senior leadership, school board stakeholders, and government partners
- Provide regular status reporting on deliverables, milestones, and performance metrics
- Maintain awareness of the evolving cyber threat landscape and align with legislative developments (e.g., EDSTA)
- Travel to school board locations across Ontario as required (same-day or overnight)
Qualifications by DomainCyber Security & Network Architecture
- 5–10+ years of experience in cyber security and next-generation network security, including architecture design, integration, and implementation
- Hands-on experience with:
- Cloud-delivered security architectures (SSE/SASE — SWG, CASB, FWaaS, ZTNA)
- Zero Trust Architecture (ZTA)
- Cloud security platforms (Microsoft Azure, AWS, Google Cloud)
- Endpoint security (EPP, EDR, XDR)
- Advanced threat protection (IDS/IPS, DDoS protection, Network Access Control — e.g., HPE Aruba ClearPass, FortiNAC)
- Identity and access management (passwordless, certificate-based, MFA/2FA, biometric — FIDO U2F/FIDO2, SAML)
- Incident response and incident management (IR/IM) platforms
- Vulnerability management and automated patching
- User and Entity Behaviour Analytics (UEBA)
- Penetration testing and automated red teaming (e.g., SCYTHE, Caldera, AttackIQ)
- Operational Technology (OT) security and IT/OT convergence
- IoT security considerations and data-capturing mechanisms
- Strong knowledge of MITRE ATT&CK, D3FEND, and ATLAS frameworks
- Strong knowledge of NIST Cybersecurity Framework (CSF) v1.1/v2.0 and CIS Controls v8
- Familiarity with ISO/IEC 27001 and COBIT
Network Infrastructure & Technology
- 5+ years of experience with LAN/WAN, VPN, VLAN, and core network hardware (switches, routers, firewalls)
- 5+ years of experience with SDN/SD-WAN technologies — vendor experience with Fortinet, Meraki, and/or Palo Alto strongly preferred
- Experience with network monitoring and management tools (e.g., SolarWinds, FortiManager, Panorama)
- Experience with traffic analysis and diagnostic tools (e.g., PRTG, Wireshark)
- Experience with network telemetry and logging formats (Syslog, IPFIX, NetFlow)
- Experience configuring and troubleshooting network protocols (MPLS, VPLS, VLAN Trunking Protocol)
- Experience with data analysis/visualization tools for network dashboards (e.g., Tableau, Microsoft Power BI)
- Experience applying machine learning to network data analysis and prediction
- Experience evaluating emerging network technologies through pilots and proof-of-concepts
Security Operations & Threat Detection
- Experience managing and optimizing SIEM, SOAR, EDR/XDR, CASB, and vulnerability management platforms
- Experience in detection engineering — development, tuning, and lifecycle management of threat detection use cases
- Experience with incident response, including deep-dive investigations and root cause analysis
- Experience supporting MSSP/MDR onboarding, transition planning, and operational readiness
- Familiarity with SOC/NOC tools and performance monitoring
AI & Automation in Security
- Experience with security automation and orchestration workflows
- Hands-on experience with AI-enabled security operations and security analytics
- Experience with Large Language Models (LLMs), Retrieval-Augmented Generation (RAG), and AI agents
- Familiarity with AI security platforms (e.g., Microsoft Security Copilot, OpenAI, Anthropic Claude, Google Gemini, AWS Bedrock, Palo Alto AIRS, Splunk AI Assistant, CrowdStrike Charlotte AI)
- Understanding of AI governance and risk management — prompt injection, model security, data protection, responsible AI practices
Risk, Privacy & Governance
- Experience conducting Threat Risk Assessments (TRAs) and cyber security risk assessments
- Experience evaluating technical/administrative controls and developing risk-based remediation plans
- Experience applying maturity models (NIST-based, CMMI, CMMC, or equivalent)
- Experience applying privacy frameworks: NIST Privacy Framework, ISO/IEC 27701
- Knowledge of applicable privacy legislation: MFIPPA, Canadian Privacy Act, GDPR, EDSTA
- Advanced experience in data analytics/statistical analysis for developing findings and insights
- Experience developing cyber security and online privacy policies, standards, and guidelines
- Experience with online safety analysis, particularly as it relates to minors
Program Coordination & Stakeholder Engagement
- Experience coordinating technology modernization workplans, timelines, and dependencies across multiple organizations
- Experience supporting MSS/MSSP onboarding, transition planning, and go-live coordination
- Experience coordinating cyber incident response communication, escalation, and reporting
- Experience with vulnerability management program coordination (CVEM — scanning, remediation tracking, prioritization)
- Strong organizational and cross-functional facilitation skills
- Experience working in multi-organization or federated environments (e.g., multiple school boards/agencies)
Communication & Advisory
- 5–10+ years of experience presenting to senior/executive leadership and external stakeholders
- 5–10+ years of experience preparing technical and executive-level documentation (reports, roadmaps, briefing materials, status updates)
- Demonstrated ability to translate complex technical concepts for non-technical audiences
- Experience delivering cyber security training and upskilling programs
Education & Certifications
- Bachelor's degree in computer science, cyber security, engineering, or related field
- Postgraduate degree (M.Sc. and/or Ph.D.) in a related field preferred
- One or more of the following preferred: CISSP, CISM, CCSP, CEH, CISA, CRISC
- Privacy certifications an asset: CIPP, CIPM, CIPT
- Other assets: CASP+, Azure Security certification
Public Sector Experience
- Knowledge of Government of Ontario standards (GO-ITS series) and relevant legislation (e.g., EDSTA)
- 5+ years of experience working in the K–12 education sector, preferably with Ontario school boards
- Experience supporting or assessing school board environments (network infrastructure, network security, cyber security controls)
What We're Looking For (Summary)
We're hiring across a range of specializations. Strong applicants will typically have:
- 5–10+ years in cyber security, network security, security operations, GRC, or related architecture roles
- Deep, hands-on expertise in at least one of the domains above (not shallow exposure across all)
- Proven experience advising and presenting to senior leadership
- Public sector, education sector, or large regulated-enterprise experience is a strong asset
- Relevant industry certifications are a strong asset but not always mandatory — equivalent hands-on experience will be considered
Additional Requirements
- Must be eligible to obtain and maintain CRJMC security clearance
- Canadian work authorization required
- Availability for same-day or overnight travel within Ontario, including to school board locations, as required. Travel expense will be reimbursed.
Pay: $110.00-$120.00 per hour
Work Location: Hybrid remote in Toronto, ON (Toronto District)