Deadline Date: Friday 29 November 2024
Requirement: Provision of CIS Security Services Contractor
Location: Brussels, BELGIUM
Full-Time On-Site: Yes
Time On-Site: 100%
Not to Exceed: 2025 BASE: NTE/ sprint 2,205 EUR (44 sprints, total NTE 97,020 EUR)
Number of sprints is calculated considering a starting date 02 JAN 2025. This will be adjusted based on actual starting date.
2026 and 2027 Options: Up to a maximum of 44 sprints per year (price per sprint will be determined by applying the price adjustment).
Period of Performance: 2025 BASE: As soon as possible not later than 6th January 2025 (tentative) – 31st December 2025 with possibility to the following options:
* 2026 Option: 1st January 2026 until 31st December 2026
* 2027 Option: 1st January 2027 until 31st December 2027
Required Security Clearance: NATO Secret
Introduction:
NCIA – Coherence Branch
Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.
The Coherence (COH) supports the Agency’s Demand Management (DM) organization, and is responsible for liaison with all customers in the CSU’s AoR and supports the Commander CSU in the role as NCIA representative and provides a single entry point for customers. Service Management Branch (SMB) contributes and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements concerning Service Provision, Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.
NCIA – Service Design and CIS Security
Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance, risk assessment, risk management and security architecture services.
The service under this SOW have to be delivered by a resource with qualifications and experience as CIS Security Services Contractor. The resource will provide services related to main activities as described in Scope of Work section below, under the direction of the Head, Service Design and CIS Security (SDCS) team.
Objectives:
The main objectives of this statement of work can be summarized as follow:
* Organize, coordinate and perform CIS security services;
* Support CIS security accreditation activities and post-activity tasks;
* Document high-level CIS security meetings, capturing key decisions, action items, and insights to support multi-stakeholder collaboration and decision-making;
* Communicate and follow-up security audits and remediation activities,
Scope of Work:
Under the direction / guidance of the CIS Security Manager, the services provided will be supporting the following activities:
CIS security services
* Provide support for NHQ CIS security forums, panels, boards and related high-level task force meetings and working groups.
* Coordinate meetings with stakeholders and provide arrangements for the meetings, including supporting materials,
* Provide support for CIS security accreditation activities for NHQ CIS.
* Prepare and communicate meeting minutes,
* Follow-up on actions resulting from various forums, meetings,
* Maintain collaborative portal for security accreditation processes,
* Support NHQ CIS Governance Framework processes,
* Maintain and coordinate Security audits with NCSC and customer representatives,
* Maintain CIS Security Remediation Tracker for identified vulnerabilities,
* Submit physical and logical access requests and follow the on-boarding process for CSU newcomers,
* Provide local support for NCIA and Enterprise projects,
* Assist his/her superiors and recommends solutions;
* Works on own initiative with limited supervision, and possibly leads others as required,
* Performs other duties as may be required.
Continuous Improvement:
* Identify areas for improvement in documentation and processes.
* Proactively identify potential vulnerabilities and coordinate preventive measures.
* Contribute to the knowledge base for SDCS team.
* Ensure information is accurate and up-to-date.
Collaboration with IT Teams:
* Work closely with other CSU Brussels IT teams and other NHQ/Enterprise stakeholders to ensure cohesive security strategies.
* Collaborate on projects and initiatives.
* Participate in IT forums and discussions.
It is expected that ONE resource is providing the above services.
The contractor will provide the service on-site and there is a possibility to work 1 day per week teleworking from Belgium, providing services during NATO HQ working hours.
The measurement of execution for this service is sprints, with each sprint planned for a duration of 1 week.
The content and scope of each sprint will be agreed in writing, during the sprint-planning meeting, based on the activities mentioned above
Coordination and Reporting:
The contractor shall participate in weekly status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Team Leaders instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.
Schedule:
This task order will be active immediately after signing of the contract by both parties
It is expected the service starts as soon as possible but no later than 06th January 2025 and ending no later than 31st December 2025.
If the 2026 option is exercised, the period of performance is 01st January 2026 to 31st December 2026
If the 2027 option is exercised, the period of performance is 01st January 2027 to 31st December 2027
Constraints:
All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.
Security:
The services provided by the proposed resource require a valid NATO SECRET security clearance.
Practical Arrangements:
The contractor will be required to provide the service primarily on-site at NATO Head Quarter – Brussels – Belgium as part of this engagement. There is a possibility to work 1 day per week teleworking from Belgium.
Services under this SOW must be accomplished by ONE contractor.
The resource providing services under this SOW will be part of the NCIA Service Delivery and CIS Security (SD&CS) team.
No travel is expected. However, if required during the execution of this contract, travel costs are out of scope and will be borne by the NCI Agency separately in accordance to the provisions of the AAS+ Framework Contract.
Security:
* The services provided by the proposed resource require a valid NATO SECRET security clearance.
Qualifications:
The consultancy support for this service requires a CIS Security Services Contractor with the following qualifications:
Essential qualifications:
* Experience working in environments with multiple classified networks;
* A high level of experience in coordinating security-related activities and complex discussion concerning IT requirements, technical solutions and security aspects;
* Experience in planning and coordinating security tests and security accreditation process;
* Experience in writing minutes with focus on CIS technical and security matters;
* Excellent understanding of the CIS Security related terminology;
* Experience with MS-Office Suite, MS-Visio and MS-SharePoint.
Desirable qualifications:
* Previous work experience in international organizations, such as NATO, or specialized Defence Industry,
* Knowledge of NATO CIS Security Policy, Directive and Guidance,
* ITIL Certification,
* Project Management certification.
Competencies:
* Language Skills – Good oral and writing skills in one of the two official NATO languages are essential. A working knowledge of the other is highly desired. Most of the work of the NCIA is conducted in the English language,
* Relating and Networking - Easily establishes good relationships with users and staff; relates well to people at all levels; builds wide and effective networks of contacts; uses humour appropriately to bring warmth to relationships with others,
* Delivering Results and Meeting Customer Expectations - Focuses on customer needs and satisfaction; sets high standards for quality and quantity; monitors and maintains quality and productivity; works in a systematic, methodical and orderly way; consistently achieves project goals,
* Adapting and Responding to Change - Adapts to changing circumstances; tolerates ambiguity; accepts new ideas and change initiatives; adapts interpersonal style to suit different people or situations; shows an interest in new experiences;
* Communication Skills – Good diplomacy and tact.