Scope of work

The objective of this initiative is to develop a comprehensive technical architecture framework and strategies to modernize and update the Google platform for the client. This includes identifying and updating all relevant policies and requirements to ensure compliance with Treasury Board of Canada Secretariat (TBS) cloud guardrails, as well as providing security monitoring and oversight for cloud spend from SSC. The responsibilities encompass designing and implementing a modernized Google platform architecture, collaborating with stakeholders to align the modernization efforts with organizational goals, and maintaining documentation for the technical architecture framework and strategies. Additionally, the role involves monitoring the platform for compliance with security and cloud spend oversight requirements, producing regular reports on progress and compliance status, and participating in continual process improvement to enhance the Google platform and ensure it meets evolving requirements.

Tasks

Modernize and update the Google Landing Zones

• Obtain iATO for new Google Landing Zone
• Submit evidence for SA&A
• Obtain interim authority to operate from DimSecur
• Update the ConOps, in support of the iATO

Transfer Google’s Firewalls to Next Generation Firewalls

• Plan, manage and transfer firewalls used for the Google tenant to Palo Alto based NGFW.
• Document al changes and create support SOPs.

Virtualized Airgap Offering

• Build, plan, and manage a virtualized airgap offering to support testing and development of private cloud capabilities.

Enable Privileged Access Management for GCP

• Enable Just in time elevated privilege account management.

Recommend and Implement Complex Security Requirements

• Assess current security measures and identify areas for improvement.
• Develop and implement advanced security protocols and policies.
• Ensure compliance with TBS cloud guardrails and other regulatory requirements.

Recommend New Products or Processes

• Evaluate new products and technologies that could enhance the Google platform.
• Provide recommendations based on thorough research and analysis.
• Pilot new solutions and assess their impact on user groups.

Plan and Participate in System Upgrades

• Develop a comprehensive plan for department-wide system upgrades.
• Coordinate with relevant teams to ensure smooth implementation.
• Monitor progress and address any issues that arise during the upgrade process.

Ensure Compliance with Policies and Requirements

• Review and update policies and requirements to ensure compliance with TBS cloud guardrails.
• Implement security monitoring and oversight for cloud spend from SSC.
• Conduct regular audits to ensure ongoing compliance.

Mandatory:

M1

The Bidder must clearly demonstrate that the proposed resource must has 7 years of experience within the last 10 years working as a certified* Technical Architect or Special Advisor in the federal government in internationally dispersed secured environments comprised of over 100,000 users and at least 3000 servers, performing all of the following tasks: • Concurrently, program managing multiple IT Microsoft infrastructure or cloud related projects valued at least $15M including activities such as preparing, managing and reporting on project scope, deliverables and budget and articulating project status, including financial schedule, risks, options to internal manager and clients. • Providing technical architecture expertise on all of the following security elements: endpoint security, group policy, and identity management, Virtual Private Network (VPN) design and network architecture. * Certified refers to proposed candidates possessing, at a minimum 1 or more of the following certifications: a valid Project Management Professional (PMP) certification, a valid Certified Information Systems Security Professional (CISSP) certification; and Google Associate Cloud Engineer certification.

M2

The Bidder must clearly demonstrate that the proposed resource has 5 years of experience within the last 7 years working on a Cloud project for a large public sector organization of at least 100,000 users performing all of the following tasks: · Developing broad strategic business and technical roadmaps for cloud adoption in a large enterprise environment. · Designing and implementing base cloud architectures for AWS, Azure and GCP. · Developing technical architecture for Software as a Service (SaaS) M365 (including SharePoint, OneDrive for Business, Teams and Exchange Online) and public cloud services including AWS, Azure and GCP. · Engineering connectivity patterns between on-premises infrastructure and hyperscale providers including Azure, AWS and GCP. Designing and assessing identity management approaches to support internal and external users with cloud-based (Azure, AWS, GCP) or private on-premises services (Active Directory).