SC2024-003475 Cyber Security Scorecard Dev and Assessment (NS) - FRI 5 Apr

Deadline Date: Friday 5 April 2024

Requirement: Cyber Security Scorecard Development and Assessment

Location: The Hague, NL

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 1170

Required Start Date: 13 May 2024

End Contract Date: 31 December 2024

Required Security Clearance: NATO SECRET

Duties and Role:

• Design and implement a comprehensive cybersecurity scorecard, tailored to assess NATO-Enterprise's cybersecurity posture.
• Develop specific, relevant metrics and measures that accurately reflect the cybersecurity performance.
• Continually update and refine the assessment methodology to ensure it remains effective and relevant to NATO's needs.
• Perform on-site cybersecurity maturity and performance assessments as required.
• Guide and support various non-NCIA managed Enterprise entities in conducting their self-assessments.
• Analyse collected cybersecurity data and generate insightful reports and visualizations.
• Effectively communicate with stakeholders at all levels.

This work will be executed and funded as a Level-of-Effort based contract with a set number of hours, and therefore delivery will be based on instructions provided by the project team.

For information, the primary deliverables for this work are anticipated to be:

• Developing Cybersecurity Scorecard, Measures and Metrics: Creating robust and relevant metrics for tracking cybersecurity performance.
• Refining Assessment Methodology: Continuously updating and refining the methodology for assessing cybersecurity maturity and performance.
• Publishing Annual Cybersecurity Scorecard: Releasing an updated scorecard every year to guide the subsequent assessment cycle.
• Maintaining Self-Assessment Tools: Ensuring that self-assessment tools, questionnaires, metrics and measurements are up to date and relevant.
• Conducting On-Site Assessment: Performing on-site cybersecurity maturity and performance assessments.
• Supporting Self Assessments: Assisting various non-NCIA managed Enterprise entities in conducting their assessments.
• Compiling Results and Report Generation: Creating consolidated reports and establishing visualization tools for assessment results.

The work will mostly be executed on-site, but there will also be a requirement to visit other sites for assessments as directed by the project team. In the initial weeks, a concrete work schema with delivery milestones will be agreed upon with the project manager, after which payment will be approved pro-rata upon completion of the delivery milestones (typically on a monthly basis). Travel expenses and Per Diem for requested travel duties will be covered through separate funding.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• Expertise in Cyber Security: The candidate must have extensive experience in cyber security with a focus on analytical assessment, scorecard development and performance metrics. The candidate must have a deep understanding of the cybersecurity processes such as Cyber Incident Management, Defensive Cyberspace Operations, Enterprise Risk Management and Cyber Threat Intelligence Analysis and Sharing.
• Experience in Metrics and Measures Development: The candidate must have experience in creating meaningful and actionable cybersecurity metrics and measures.
• Methodology Development Skills: The candidate must have proficiency in developing, refining and updating methodologies for assessing cybersecurity maturity and performance.
• Data Analysis and Visualization Proficiency: The candidate must have strong skills in data analysis and the ability to create insightful visualizations for complex data sets. Familiarity with modern data visualization tools is essential.
• Communication Skills: The candidate must have excellent written and verbal communication skills for engaging with various stakeholders and facilitating Enterprise-wide assessments.
• The contracted individual must be able to perform effectively and efficiently with minimal supervision