2024-0192 ACPV Programme Management Support (NS) - FRI 25 Oct
Brussels, Brussels, Belgium
Deadline Date: Friday 25 October 2024
Requirement: ACPV Programme Management Support
Location: Brussels, BE
Full Time On-Site: No
Time On-Site: 80% on-site, 20% remote
Period of Performance: 2024 BASE: As soon as possible but not later than 18 November 2024 until 20 December 2024 with the possibility to exercise the following option:
2025 OPTION: 01 January 2025 until 31 December 2025.
Start date is as soon as possible but not later than 18 November 2024.
Required Security Clearance: NATO SECRET
1. PURPOSE
The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the Asset, Configuration, Patching and Vulnerability (ACPV) Programme Management Support to be conducted by the selected company.
This work package will provide programme management support to the ACPV Programme Manager function to develop identified deliverables. It will also provide advice on best practice and methodology to support effective enterprise programme management.
The products from this work will be used within NATO structure to execute ACPV Management function.
2. BACKGROUND
ACPV supports the NATO strategic objective to enhance cyber defence and resilience. It directly contributes to NATO’s cybersecurity posture, proactively challenging adversarial freedom of manoeuvre in cyberspace, countering malicious cyber activities on the Alliance and contributing to Enterprise cyberspace situational awareness in a dynamic environment.
NATO needs to continuously improve its Enterprise vulnerability management process as part of its aim to operate at the high security levels, which ensure its effectiveness and reliability. The ACPV Core System is expected to provide the NATO Cybersecurity ecosystem with adequate ACP management for vulnerability assessment information within the NATO Enterprise, ensuring that NATO CIS are understood, monitored, patched and actioned properly, in order to improve their protection against the full spectrum of current and future cyber threats.
In support of this, the NCI Agency is tasked under a Programme of Work (POW) to support the ACPV programme management function.
To support this work, the NCI Agency is looking for subject matter expertise in the delivery of complex, foundational and novel capability.
This contract is to provide consistent support, on a completion-type (deliverable-based) contract, to the NATO HQ Office of Chief Information Office (OCIO), thereby contributing to its POW based on the deliverables that are described in the scope of work below.
3. SCOPE OF WORK
The aim of this contract is to support the OCIO with programme management expertise specifically related to ACPV.
The requestor expects additional work in 2025, thus has planned an option that could be executed in addition to the base work for 2024 with effective planning, research, writing, holding external and internal discussions, modifying documents (including after each meeting), reporting progress, including meetings. This service shall include working closely with related business areas and stakeholders.
Therefore, this contract includes an optional scope extension with deliverables to be executed in 2025, pending NCIA exercises this option.
Under the direction / guidance of the OCIO Point of Contact, the Contractor will be the part of the OCIO Team supporting the following activities:
1) ACPV Strategic Communications Plan:
a) Contribute to the production of the sections of the plan,
b) Provide expertise to mature the plan,
c) Identify ACPV management strategic goals,
d) Implement and manage the ACPV Community of Interest (COI) portal (utilising an existing NATO COI System; the contractor is not required to generate the hosting portal.)
e) Keep maintenance of up-to-date stakeholder lists including contact details.
2) Lessons Identified Register:
a) Collect feedbacks from various internal NATO Entities and external Industry Partners,
b) Provide a concise and quality-driven list of Lessons Identified from the ACPV management process,
c) Maintain identified lessons in a Lessons Register.
3) Risk Log:
a) Contribute to the identification, the estimation of the probability and the impact of the ACPV program risks,
b) Contribute to the development of a Risk Response Plan,
c) Maintain the Risk Log linking mitigation actions to the D2 Activity / Plan of action.
4) Roll-out and Implementation Roadmap:
a) Contribute to the development of the roll-out and implementation Roadmap of ACPV Programme,
b) Provide own expertise for the development of the Roadmap,
c) Link the actions to the D2 Plan of actions.
5) Bi-weekly Progress Report:
a) Provide bi-weekly progress report to the OCIO internal stakeholders,
b) Maintain the activity tracker,
c) Summarize change programme schedule, key risks and work in progress/plan of action.
6) ACPV COI Conference:
a) Contribute to the administrative arrangements and the execution of Quarterly Face-2-Face ACPV COI Conference,
b) Prepare calling notice,
c) Develop and coordinate the conference agenda,
d) Coordinate the representatives from stakeholders,
e) Arrange the access of the participants to the NHQ.
The measurement of execution for this work is sprints, with each sprint planned for a duration of 1 week.
4 DELIVERABLES AND PAYMENT MILESTONES
The following BASE deliverables are expected from the work on this SoW in 2024:
Deliverable: 5 sprints
Payment Milestones: Upon completion of all sprints (at the end of the work).
The NCIA reserves the possibility to exercise a number of options in the year 2024, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.
2025 OPTION: 01 January 2025 to 31 December 2025
Deliverable: Up to 37 sprints
Payment Milestones: Upon completion of each fourth sprint and at the end of the work.
The NCIA reserves the possibility to exercise a number of options in the year 2025, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.
5. COORDINATION AND REPORTING
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager’s / team leader’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCI Agency Project Manager mentioning briefly the work held and the development achievements during the sprint.
At the end of the project, the Contractor shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.
6. SCHEDULE
This task order will be active immediately after signing of the contract by both parties.
The BASE period of performance is as soon as possible but not later than 18 November 2024 and will end no later than 20 December 2024.
If the 2025 OPTION is exercised, the period of performance is 01 January 2025 to 31 December 2025.
7. CONSTRAINTS
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.
All documentation etc. will be stored under configuration management and/or in the provided NCI Agency tools.
8. SECURITY AND NON-DISCLOSURE AGREEMENT
The candidate has to be in possession of a valid NATO SECRET security clearance at contract start in order to facilitate follow-on engagements and coordination at NATO venues.
The signature of a Non-Disclosure Agreement between the contractor contributing to this task and NCIA will be required prior to execution.
9. PRACTICAL ARRANGEMENTS
The contractor will be required to work approximately 20% remote, 80% onsite in Brussels, BEL as part of this engagement. The ACPV Programme Management Function Team is located in BRUSSELS / BEL, with working hours to be adjusted accordingly.
The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.
The contractor may be required to travel to other NATO locations as part of his role. Travel expenses for missions to other NATO/NCIA locations rather than NATO HQ in Brussels will be reimbursed to the individual directly (outside this contract) under NATO rules.
Regular travel costs to and from main location of the work (NATO HQ) are out of scope and will be borne by the contractor.
This work must be accomplished by one contractor.
The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE):
Access to NATO sites, as required, for the purpose of executing this SOW.
Workspace (needed business IT for both on- and off-site work, hot-desk at NATO HQ facility).
10. REQUIRED PROFILE
[See Requirements]
11. DESIRABLE PROFILE
[See Requirements]
Requirements
8. SECURITY AND NON-DISCLOSURE AGREEMENT
- The candidate has to be in possession of a valid NATO SECRET security clearance at contract start in order to facilitate follow-on engagements and coordination at NATO venues.
10. REQUIRED PROFILE
The contractor hired for this position will be part of the ACPV Programme Management Functions Team. She/He is going to perform the identified tasks must have demonstrated skills, knowledge and experience as follows:
- Experience (proven record) in collaborating with industry and international organizations on IT-Service based projects and programmes management activities in general and, desirably experience in at least one ‘ACPV like’ functional/technical area (such as asset management databases and/or ITSM tools and/or CMDB and/or SCCM and/or patch management tooling and/or vulnerability management and/or end point device management),
- Experience (proven record) in enterprise risk management plan and risk log,
- Understanding of recent emerging technological trends and challenges in ACPV area,
- Expert technical knowledge of strategic organizational change management,
- Experience (proven record) with strategic planning, change roadmaps and change implementation including progress measurement and reporting,
- Strong analytical and research skills with the ability to collect, analyse and interpret large quantity of data from different sources,
- Strong analytical skills to assess and describe complex problems with multiple variables and develop adequate concepts and solutions,
- Expert communication and writing skills in English with the ability to develop and present complex concepts in a clear and succinct way,
- Strong skills in the creation of information sharing mechanisms including SharePoint and portals,
- Excellent writing skills to produce high-quality reports and deliverables, including presentation of results at meetings,
- Experience (proven record) in authoring studies and analyses in the relevant field.
11. DESIRABLE PROFILE
The candidate should also ideally have knowledge and experience in the following areas:
- Experience in working with NATO.
- Experience of working with NATO Communications and Information Agency.
- Experience of working with national Defence or Government entities.
- Experience of MS Power BI.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Business Intelligence C Clearance NATO Risk management Scrum Security Clearance SharePoint Vulnerability management
Perks/benefits: Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.