Crypto Modernisation Risk Assessmnt NATO HQ IMS (NS), Brussels - THU 22nd J

Contenuto del lavoro

Crypto Modernisation Risk Assessmnt NATO HQ IMS (NS), Brussels - THU 22nd JUL

DEADLINE - THU 22nd JULY 2021
Anticipated Start Date: As soon as possible

Candidate must physically work at NATO HQ in Brussels Belgium. Due to nature of work, none may be done through teleworking

Purpose of this Request for Quotation is to award contract for provision of functional consultancy services to Office of Chief Information Officer (OCIO) at NATO Headquarters in Brussels.
Required services, through a single consultant, are to be provided on-site 5 days a week on:
1) Enterprise Risks Management Framework: goal is to ensure consistent risks management approach across different Entities composing Enterprise; as part of its mandate NATO Office of Chief Information Officer (OCIO) needs to establish Enterprise risks management framework. Goal is to ensure consistent risks management approach across different Entities composing Enterprise, improving better understanding about (residual) risks and proper support their acceptance
2) Enterprise Security Accreditation NATO Enterprise CIS Operational Authority (CISOA): allowing NATO CIO to perform its role of Enterprise Risk owner; As part of its mandate NATO Office of Chief Information Officer (OCIO) needs to establish role on NATO Enterprise CIS Operational Authority (CISOA) allowing NATO CIO to perform its role of Enterprise Risk owner. Main goal is to ensure risks identified as part of supporting existing processes (e.g. security accreditation, incident management, etc.) are properly evaluated, operationally validated and formally accepted, keeping and maintaining overall view on global Enterprise security posture.
3) Public Key Infrastructure (PKI) support: in developing PKI support requirements for several cryptographic key management projects and specifications and PKI interoperability; NATO Office of Chief Information Officer (OCIO) needs support in developing PKI support requirements for several cryptographic key management projects and specifications and PKI interoperability.
Please submit proposed candidates profiles and CVs by THURSDAY 22nd JULY. The top three candidates will be invited for an interview assessing capabilities for proposed resources.

Proposed daily rate fixed price should be in Euros - there is no NTE specified for this RFQ

Contract Duration: It is intended to receive consultation services for period of 3 years. NATO OCIO has committed necessary funds for 2021 and for future years subject to budget approval.
Statement of Work
Cryptographic Modernisation and Risk Assessment
1. INTRODUCTION
This statement of work (SoW) describes work to be contracted to support Chief Information Officer (CIO) at NHQ in Brussels in ongoing cryptographic modernization process for whole Alliance and to be executed by an FTE. Individual will be located within CIO Enterprise Security Branch. Individual will be in charge of development, execution and overview of multiple crypto-related projects in support of NATO Operations and Missions, including Procurement of crypto related devices and capabilities and will oversee status and process of cryptographic modernization for Enterprise. He/She will also assess threats and risks for Enterprise Cryptographic initiatives and COMSEC while interacting with multiple, different NATO and National Stakeholders.
2. STATEMENT OF WORK

• Provide assistance in planning and implementing Enterprise-wide operational contingencies as result of delays in delivery of Crypto Modernisation projects
• Providing assistance in dealing with Cryptographic issues, including training, CONOPS, key management in support of CIO’s function as Single Point of Authority
• Provide support to CIO on various Crypto Modernisation related activities, as directed by Branch Head Risk Management
• Monitors evolving cyber threat and assesses their operational impact for Enterprise
• Develops and updates threat based cryptographic assessments for identified risks
• Develops and maintains Enterprise-wide cryptographic risk assessment report
• Develops recommendations for adaptation of cryptographic services and capabilities in support of CIO
• Monitors quantum computing threat to NATO systems: develops respective assessments and produces reports to be presented to various relevant NATO deptartments
• Develops operational impact assessment of current and future cyber risks on NATO systems
• Provides support to crypto modernisation related activities as required
• Monitors operational impact to current and future Alliance Operations and Missions
• Ensures mitigations and corrective actions are planned and implemented
• Implements / Monitors implementation of operational contingencies and mitigation measures
• Prepares relevant reports to be presented to Nations
• Provides support to crypto modernisation related activities as required

Requirements:

• Clearance required: NATO SECRET
• Candidate must have knowledge and multiyear experience in organization, management and support of various (international) operations, activities, units and projects related to defense, security, electronics and communications, in national and NATO environments
• Candidate must have previous experience within NATO dealing with Crypto implementation and standards and procurement process within NATO
• Job requires deep knowledge of NATO-related Cryptographic issues, including training, CONOPS, concepts of key management and Tactical Data Links
• Job requires experience with Risks Management as applied to Cryptographic and Cyber Security Fields
• Experience in NATO commands (Operational and/or Strategic) is a preferred requirement
• Candidate must have experience in leading staff work on large and complex projects or responsible for significant budgets

Job Type: Full-time