Deadline Date: Tuesday 22 April 2025
Requirement: Provision of Subject Matter Expertise - Programme Coordination
Location: Mons, BE
Full Time On-Site: Yes
Time On-Site: 100%
Period of Performance: 2025 BASE: As soon as possible and not later than 2nd June 2025 – 31st December 2025 with possibility to exercise sprints from the following options:
2026 Options: 1st January 2026 until 31st December 2026
2027 Options: 1st January 2027 until 31st December 2027
Required Security Clearance: NATO SECRET
FACILITY SECURITY REQUIREMENT: For this specific SOW the Contractor’s company is required to hold a valid Facility Security Clearance (FSC), which allows to handle and store NATO SECRET material.
1. INTRODUCTION
To strengthen the Alliance through connecting its forces, the NCI Agency delivers secure, coherent, cost effective and interoperable communications and information systems in support of consultation, command & control and enabling intelligence, surveillance and reconnaissance capabilities, for NATO, where and when required. It includes IT support to the Alliances’ business processes (to include provision of IT shared services) to the NATO HQ, the Command Structure and NATO Agencies.
NCI Agency CIS Support Unit (CSU) Mons enables end-to-end CIS services as it maintains and supports a range of CIS capabilities during peacetime, crisis and war throughout its allocated Area of Responsibility (AOR) and as otherwise directed as specified in the extant Supreme Headquarters Allied Powers Europe (SHAPE) Service Level Agreement (SLA).
NCI Agency CSU MONS provides Subject Matter Expertise effort to SHAPE, to support The Cyberspace Operations Centre (CyOC) to fulfill new duties and increasing sustenance in regards of incident correlation, incident handling/response, trend analysis and collaboration with NCIA through cyber security system development.
The Cyberspace Operations Centre (CyOC) is NATO's only Theater Component for cyberspace, providing persistent, centralised and comprehensive cyberspace situational awareness, Command and Control (C2) and execution. The CyOC is within the SHAPE establishment but with different roles and responsibilities.
The Cyberspace Situational Awareness Support Section analyses technical cyberspace vulnerability assessments and instigates consequence mitigating activities.
In the light of these activities, the NCI Agency is looking for a talented Programme Coordinator to join to Cyberspace Situational Awareness Support Section.
2. OBJECTIVES
This statement of work (SoW) describes the work to be contracted to support CyOC Situational Awareness Support Section to fulfil new project duties and increase sustenance within the Cyberspace Community of Interest (CyCOI), including external stakeholders such as NCI Agency and OCIO in regards of risk capturing, incident correlation, assessments, and meetings coordination.
3. SCOPE OF WORK
Scope of this project is to provide support to CyOC Situational Awareness Support Section The Contractors will be part of a team under the supervision of the NCIA Service Delivery Manager/ Project Manager and will provide services using an agile and iterative approach using multiple sprints. Each sprint is planned for a duration of 4weeks.
The work shall be carried out in sprints whereby each sprint is independent. The content and scope of each sprint will be agreed with the Service Delivery Manager/ Project Manager and technical staff during the sprint-planning meeting, in writing.
The work shall be conducted in close collaboration between the Contractor and NCI Agency Service Delivery Manager/ Project Manager as described in table below.
The expert contractor shall carry out the specific tasks, as described in the table(s) below, in each sprint to produce the below listed activities:
Risk Collection, Assessment, and Reporting
Collect risk inputs and maintain up-to-date risk assessments.
Validate and manage reports related to Cyberspace Situational Awareness (SAR).
Provide timely and accurate risk reports to stakeholders.
Constraints:
Limited access to timely risk data from stakeholders or external parties.
Dependence on stakeholder availability for validation and report inputs.
Acceptance Criteria:
CyOC SA leadership acknowledges that reports are used for informed decision-making.
Reports are comprehensive, validated, and submitted on time.
Incident Correlation and Analysis
Collaborate on the technical analysis and correlation of cybersecurity incident reports.
Identify patterns and trends to support incident response decision-making.
Constraints:
Real-time constraints during incident data correlation.
Dependence on timely reporting from external/internal stakeholders.
Acceptance Criteria:
Analysis is accurate, identifies critical patterns, and is approved by CyOC SA leadership.
Cyberspace Situational Awareness (SA) Assessment
Contribute to assessments of project reports on threats, mission, and network awareness.
Recommend improvements to enhance cyberspace situational awareness and network security.
Constraints:
Limited data availability for thorough assessments.
Acceptance Criteria:
Reports are reviewed and approved by CyOC SA leadership.
Incident Response Support
Provide support to the incident response team, facilitating decision-making, analysis, and context based on cybersecurity incidents.
Constraints:
Time-sensitive incidents limit the window for detailed analysis.
Incomplete or delayed data may affect the quality of analysis.
Acceptance Criteria:
CyOC SA leadership confirms that support enhances incident resolution and future threat prevention.
Stakeholder Engagement and Meeting Facilitation
Organize and facilitate CyOC SA stakeholder engagements, prepare meeting agendas, document outcomes, and ensure timely follow-ups on action items.
Constraints:
Limited availability of key personnel for meetings and follow-ups.
Acceptance Criteria:
Meetings are organized with clear agendas and documented outcomes.
Action items are tracked and completed within agreed timelines.
Cyberspace Situational Awareness Product Support
Support the development of SA products for planning and execution of operations.
Constraints:
Complexities in integrating diverse data sources into SA products.
Acceptance Criteria:
SA products are delivered according to operational requirements and on schedule.
Products provide accurate and relevant insights, improving mission planning and situational awareness.
Leadership and users confirm the utility and effectiveness of the products.
Sprint Planning:
Objective: Plan the objectives for the upcoming sprint
Kick-off meeting: Conduct a monthly meeting with the contractor to plan the objectives of upcoming sprints and review contractor`s manpower to meet the agreed deliverables.
Set sprint goals: Define clear, achievable goals for the sprint and associated acceptance criteria, including specific delivery targets, Quality standards as well as Key Performance Indicators (KPIs) for each task to be recorded in the sprint meeting minutes.
Agree on the required level of effort for the various sprint tasks.
Backlog Review: Review and prioritize the backlog of tasks, issues, and improvements from previous sprints.
Assess each payment milestone cycle duration of one calendar month. State of completion and validation of each sprint status and sign off sprints to be submitted for payment as covered in Section 4.
Sprint Execution:
Objective: Contractor to execute the agreed “sprint plans” with continuous monitoring and adjustments.
Regular meetings between NCIA and the contractor to review sprint progress, address issues, and make necessary adjustments to the processes or production methodology. The Meetings will be physically in the office, or in person via electronic means using Conference Call capabilities, according to the NCI Agency staff instructions.
Continuous improvement: Contractor to establish a continuous feedback loop to gather input from all stakeholders for ongoing improvements and their subsequent implementation depending on NCIA approval.
Progress Tracking: Contractor to use a shared dashboard or tool to track the status of the sprint deliveries and any issues.
Quality Assurance/Quality Check: Contractor shall ensure that the quality standards agreed for the sprint deliverables are maintained throughout the sprint.
Quality Control: NCIA to perform the Final Quality Control of the agreed deliverables and provide feedback on any issues.
Sprint Review:
Objective: Review the sprint performance and identify areas for improvement.
At the end of each sprint, there will be a meeting between the NCI Agency and the Contractor to review the outcomes against the acceptance criteria comprising sprint goals, agreed quality criteria and Key Performance Indicators (KPIs).
Define specific actions to address issues and enhance the next sprint.
Sprint Payment:
For each sprint to be considered as complete and payable, the contractor must report the outcome of their work during the sprint, first verbally during the retrospective sprint review meeting and then in writing within three days after the sprint’s end date. A report must be sent by email to the NCI Agency manager, highlighting all work performed against the agreed tasking list set for the sprint.
The payment shall be dependent upon successful acceptance as set in the above planning/review meetings. This will follow the payment milestones that shall include a completed Delivery Acceptance Sheet (DAS).
Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) signed by the Contractor and project authority.
If the contractor fails to meet the agreed Acceptance criteria for any task, the NCI Agency reserves the right to withhold payment for that task/sprint.
Roles and responsibilities:
The work shall be conducted in close collaboration between the Contractor, NCI Agency and SHAPE, as described below:
NCIA Agency CSU MONS: Service Delivery Manager/ Project Manager
SHAPE CYOC SA: Technical Manager/ COTR
Contractor: To provide deliverables identified above.
4. DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from this statement of work:
Complete the activities/tasks agreed in each spring meeting as per sections 2 and 3 above.
Produce sprint completion reports (format: e-mail update), which include details of activities performed. Specifically, tasks requested for internal activities (traceable), up to date centralised digital repository with categorised folders for each project overview, quarterly APSS financial reports, monthly all project overview and status reports, real-time project tracking and visualisation via dashboard, calendar overview on upcoming events and team updates with dates, agendas and materials, overview on workshop materials and SOPs update.
Payment Schedule will be at the end of each sprint of four working weeks, following the acceptance of the sprint report.
The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the sprint report and the Delivery Acceptance Sheet (DAS) – (Annex B).
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the NCIA POC.
The Contractor will participate in the daily reporting and planning activities (daily stand-ups) as well as the required participation in workshops, events and conferences related to the supported services, as requested by the COTR.
2025 BASE: 2nd June 2025 – 31 December 2025
Deliverable 01: Sprints (1-12) (Number of sprints will be adjusted based on actual starting date.)
Quantity: 7
Payment Milestones: Upon completion of each sprint and at the end of the work.
2026 OPTION: 01 January 2026 to 31 December 2026
Deliverable: Up to 12 Sprints
Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.
Payment Milestones: Upon completion of each sprint and at the end of the work.
2027 OPTION: 01 January 2027 to 31 December 2027
Deliverable: Up to 12 Sprints
Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.
Payment Milestones: Upon completion of each sprint and at the end of the work.
5. COORDINATION & REPORTING
The Contractor shall deliver services on-site in SHAPE, 100% onsite (Mons, Belgium)
The Contractor will be provided with a workspace at SHAPE, 100% onsite (Mons, Belgium)
The Contractor shall report to the assigned NCIA and SHAPE POCs.
The contractor will work full-time at SHAPE CYOC Cyberspace Situational Awareness Support Section but day-to-day tasking and supervision of personnel work assignments, subtask activity definitions, travel/TDY requirements and work quality assurance, performance evaluation and sign-off any given task will be the responsibility of the Managing Authority, NCI Agency, in coordination with SHAPE.
The Contractor shall participate in monthly status update meetings and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to service delivery manager’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in writing, within three (3) working days after the sprint’s end date. A report in the format of a short email shall be sent to NCI Agency POC briefly mentioning the work held and the achievements during the sprint.
6. SCHEDULE
It is expected the service starts as soon as possible but no later than 2nd June 2025 and ending no later than 31 December 2025.
If the 2026 option is exercised, the period of performance is 01 January 2026 to 31 December 2026
If the 2027 option is exercised, the period of performance is 01 January 2027 to 31 December 2027
The work will be conducted during normal office hours following the SHAPE calendar, as well as outside office hours and on weekends, if necessary.
7. CONSTRAINTS
All the documentation provided under this statement of work will be based on NCI Agency templates or agreed with project point of contact.
All support, maintenance, documentation and required code will be stored under configuration management and/or in the provided NCI Agency tools.
All developed solutions, tools and code under this project will be property of the NCI Agency.
8. SECURITY
Performance of the services described in this SOW require a valid NATO SECRET security clearance prior to the start of the engagement.
9. PRACTICAL ARRANGEMENTS
The contractor will be required to provide the service 100% on-site at SHAPE, located in Mons in Belgium.
Exceptional off-site activities to support service delivery can also be arranged with the line manager’s coordination and approval.
The work depicted in this SOW is expected to be carried by a SIGNLE RESOURCE .
The work will be conducted during normal office hours following the SHAPE calendar, as well as outside office hours and on weekends, if necessary.
SHAPE Recognized Business hours/Holidays: SHAPE official holiday schedule applies and will be provided to the contractor. SHAPE Operations: Monday to Thursday 0830 – 1730 and Friday 0830 – 1530 (CET)
Contractor Furnished Services: Contractor shall furnish everything required to perform the contract except for the items specified and covered under NCIA Furnished Property and Services below.
NCIA Furnished Property and Services: Access to relevant networks and environments will be provided by NCIA
The work depicted in this SOW is expected to be carried by a SINGLE RESOURCE.
Work is to be performed on the NCI Agency network(s) and appropriate hardware and connectivity will be provided by the NCI Agency, for the duration of this contract, and is to be returned upon completion of the contract.
Work at NS level: Should it be required for the Contractor to develop various documents at NATO Secret (NS) level, then this is to be performed either at the NATO premises or Contractor’s facilities that must possess a Facility Security Clearance (FSC) at the appropriate level with approved storage capability.
In case the contractor is working at NS level at NATO’s premises but there is a need to continue this work at the contractor’s facilities, then NATO Security regulations for the transportation/handling of NATO classified information/assets will apply.
For this specific SOW the Contractor’s company is required to hold a valid Facility Security Clearance (FSC), which allows to handle and store NATO SECRET material.
10. SECURITY
Delivering services under this SoW requires a valid NATO SECRET security clearance.
Any resource proposed for this SOW requires valid NATO SECRET security clearance prior to the start of the engagement.
All the deliverables of this project will be considered NATO UNCLASSIFIED, while access to networks exceeding this classification level is required.
11. TRAVEL
There may be requirements to travel to other sites within NATO for completing these tasks.
Travel costs are out of scope and will be borne by the NCI Agency separately in accordance to the provisions of the AAS+ Framework Contract.
Travel requires the prior coordination with and approval of the NCIA Service Delivery Manager/Project Manager.
12. REQUIRED QUALIFICATIONS
[See Requirements]
Requirements
8. SECURITY
* Performance of the services described in this SOW require a valid NATO SECRET security clearance prior to the start of the engagement.
9. PRACTICAL ARRANGEMENTS
* For this specific SOW the Contractor’s company is required to hold a valid Facility Security Clearance (FSC), which allows to handle and store NATO SECRET material.
12. REQUIRED QUALIFICATIONS
Contractor – MANDATORY Requirements:
* Advanced knowledge and multi-year experience in the areas of risk and organizational management and support of various (international) operations, activities, units and projects related to defense, cybersecurity, networks, digital evidence, communications or information systems.
* Minimum 3 years of experience within NATO dealing with management and/or communication and Information Systems and/or Cyber.
* Minimum 3 years in stakeholder management, meeting coordination, interpreting and communicating findings in reports, and leadership support.
* Bachelor degree followed by minimum 5 years experience.
Contractor – DESIRED Requirements:
* Prior experience of working in an international environment comprising both military and civilian elements.
* Knowledge of NATO responsibilities and organization, including ACO and ACT.
* A proficiency level in English (similar STANAG 6001 level 3333).