Department: Nisichawayasihk Cree Nation
Position: IT Management Services
Deadline: December 28, 2023
Start Date: ASAP
Salary Range: To be determined
Ref #: NCN-2023-12-13-001

Position summary:

NISICHAWAYASIHK CREE NATION is requesting management services for the local IT infrastructure of the NCN government offices.

Requirements:

Server OS support: All servers are currently Windows Server 2012 R2 Active Directory. Plans must be made to upgrade to Windows Server 2019 or greater.
Workstation support: Mix of desktop and laptop PCs, mostly from Dell and Lenovo, to be supported. PCs have no extended warranty and no ITAM or lifecycle management; having this process would be valuable. Most of them need to be fresh installed and enrolled in Intune/Windows Autopilot. Only a handful of PCs are already in Intune.
Workstation deployment: PCs are deployed and managed using Active Directory. Some PCs are deployed and managed using Windows Autopilot via Microsoft Intune and Entra ID, which is intended to replace on-prem.
Entra ID and Intune: Entra ID and Intune are to be used to manage dynamic groups, configuration profiles, conditional access, Windows Autopilot, etc.
Microsoft 365: Tenant is currently active and licenses are in an NCE 1-year term with MIT Consulting until March 31, 2024. Entra ID Connect has been configured on the legacy Azure AD Connect platform on a non-DC server on-premises.
Azure Virtual Desktop (VDI): Need to migrate the Sage 300 ERP server with AIS database software to Azure Virtual Desktop. Sage 300 ERP and AIS support is provided by third-party vendors.
On-site support: Minimum of two technicians on-site to support multiple locations in Nelson House during business hours, 8 hours x 5 days per week except statutory holidays. There are currently a couple of technicians on-site from other entities who are only available on a limited after-hours basis.
Network support: Ubiquiti routers, switches, and access points to be managed across multiple sites.
Server support: Various Lenovo servers to be managed, with one non-functional Lenovo storage server. One temporary server is being borrowed from a third party as a Hyper-V host for critical Active Directory server infrastructure as a temporary replacement for the storage server, but a permanent solution will be necessary. The temporary server must be returned at some point or purchased outright.
SharePoint Online: Data from the file server has been uploaded to SPO under the global admin account. This was an initial upload only; most users on-premises are still utilizing the file server for shared and profile folders. Users with Autopilot-deployed PCs are using OneDrive for their user files. A solution for either moving exclusively to M365 or replacing on-premises will be necessary.
Training and education: Users need training and education on using Microsoft 365; Sage and AIS users will need AVD.
Data backup/BCDR: Datto SIRIS appliance is actively backing up locally and syncing off-site to data centers in Canada. However, the appliance is not sufficient and is constantly running out of space. WAN uplink bandwidth is also too slow to fully sync enough backups for archive clearing.
Internet Service Provider: Liaise with BCN and manage the Starlink account for NCN.
Top-level domains: Manage TLDs and DNS through GoDaddy and Cloudflare accounts. Manage DKIM and DMARC.
Workstation printers: Assist with managing MFPs from Xerox.
EDR and anti-malware: Utilize an EDR solution compliant with NIST or other channel-recognized CIS standards.
Email protection: Utilize a solution that provides spam filtering, advanced protection (e.g., AP/DMARC), data loss prevention, and encryption.
Data governance: Ensure all data is stored in the M365 tenant with limited access to external sharing except with trusted contacts. Multiple agencies funded by NCN but not associated with NCN might need their own M365 tenant for ease of management and data governance.
Cloud printing: Not yet implemented. All printing queues are currently hosted on a dedicated print server.
Cybersecurity: Cybersecurity stack must adhere to NIST or some other channel-recognized CIS standard.
Remote support/vCIO: Remote workers are accepted, but on-site support as a direct liaison to facilitate continuous communication is highly recommended.
Cyber liability insurance: No active policy in place.
MFA: MFA is currently only deployed for a handful of users but is otherwise unmanaged.
IAM: CA policies are created in Intune, but are currently inactive due to lack of user adoption and education.
Password management: No solution in place.
SOC/SIEM/MDR: None of these solutions is in place.
Security awareness training: No solution is in place.
Patch management: RMM is currently in place but will need to be replaced.
SSO: Entra ID is SSO-ready, but not configured.
LAPS: LAPS is configured in Intune, but no solution is in place for AD-joined PCs.
VPN: Site-to-site VPN is configured through Ubiquiti. Client VPN is configured for certain users as needed through Ubiquiti. Due to the firmware version available, only L2TP/IPsec is available and only one connection per origin IP can be established at a time.
Remote access: RMM is currently in place but will need to be replaced.
MDM: Enabled through Entra ID and Intune.
Pen testing: Solution to be determined.
Log management: Solution to be determined.
Vulnerability management: Solution to be determined.
Compliance: Solution to be determined.
Wireless intrusion prevention: Solution to be determined.
Privileged account management: Solution to be determined.
Secure file sharing: Solution to be determined.
Physical access control: Solution to be determined.
Change management: Solution to be determined.

 
If you are interested, please forward your resume, cover letter, and three (3) references to:
Leonard Linklater, co-CEO
Phone: 204-484-2332
Email: [email protected]

or

Nora Thomas, Human Resource Administrator
Phone: (204) 484-2604 ext. #205
Email: [email protected]