2024-0193 ACPV Programme Management (NS) - FRI 25 Oct

Brussels, Brussels, Belgium

Applications have closed

Deadline Date: Friday 25 October 2024

Requirement: ACPV Programme Management

Location: Brussels, BE

Full Time On-Site: No

Time On-Site: 80% on-site, 20% remote

Period of Performance: 2024 BASE: As soon as possible but not later than 18 November 2024 until 20 December 2024 with the possibility to exercise the following option:

2025 OPTION: 01 January 2025 until 31 December 2025.

Start date is as soon as possible but not later than 18 November 2024.

Required Security Clearance: NATO SECRET

 

1. PURPOSE

The objective of this statement of work (SoW) is to outline the scope of work and deliverables for the Asset, Configuration, Patching and Vulnerability (ACPV) Programme Management Support to be conducted by the selected company.

This work package will provide support to the ACPV management function. It will also provide advice on best practice and methodology to support effective management.

The purpose of the work package is to provide support to CSU Brussels to fulfil identified ACPV management activities more effectively.

2. BACKGROUND

ACPV supports the NATO strategic objective to enhance cyber defence and resilience. It directly contributes to NATO’s cybersecurity posture, proactively challenging adversarial freedom of manoeuvre in cyberspace, countering malicious cyber activities on the Alliance and contributing to Enterprise cyberspace situational awareness in a dynamic environment.

NATO needs to continuously improve its Enterprise vulnerability management process as part of its aim to operate at the high security levels which ensure its effectiveness and reliability. The ACPV Core System is expected to provide the NATO cybersecurity ecosystem with adequate ACP management for vulnerability assessment information within the NATO Enterprise, ensuring that NATO CIS are understood, monitored, patched and actioned properly, in order to improve their protection against the full spectrum of current and future cyber threats.

To support CSU Brussels for the execution of this work package, the NCI Agency is looking for subject matter expertise in the delivery of complex, foundational and novel CIS capability.

This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCIA CSU Brussels contributing to its POW based on the deliverables that are described in the scope of work below.

3. SCOPE OF WORK

The aim of this contract is to support CSU Brussels with technical expertise specifically related to ACPV management and CSU Brussels patching procedures.

The requestor expects additional work in 2025, thus has planned an option which could be executed in addition to the base work for 2024 with effective planning, research, writing, holding external and internal discussions, modifying documents (including after each meeting), reporting progress, including meetings.

Therefore, this contract includes an optional scope extension with deliverables to be executed in 2025, pending NCIA exercises this option.

Under the direction / guidance of the CSU Brussels Point of Contact, the Contractor will be supporting the following activities:

1) The processes for integrating discovery products:

(Such as Lansweeper and BMC Discovery, with the BMC Remedy CMDB)

a) Contribute to the design and implementation of efficient processes that seamlessly integrate discovery products like Lansweeper and BMC Discovery with the BMC Remedy CMDB,

b) Ensure accurate and up-to-date configuration management data,

c) Analyse the capabilities and data structures of Lansweeper and BMC Discovery,

d) Identify and map relevant data elements from the discovery products to corresponding CI types in the BMC Remedy CMDB (ver. 20.02 and newer),

e) Collect information and will apply the BMC CMDB best practices,

f) Create the integrations design and defining the integration processes and procedures,

g) Describe all discovery interfaces, interaction between them, navigation and usage of the ITAM information and user functionalities,

h) Implement the feedbacks/corrections to the content,

i) Record the relevant parts in the SharePoint processes workspace,

2) The structure of basic IT services and applications:

(Within the CMDB to support service-based operations, specifically focusing on service and application availabilities)

a) Identify and define key IT services and applications based on business needs and technical architecture,

b) Determine the relationships and dependencies between services and applications,

c) Create or modify Service, Application and Relationship CIs and attributes to accurately represent IT services and applications in the local BMC CMDB and BMC Asset Management systems (ver. 20.02 or newer),

d) Establish hierarchical relationships between services and their constituent components (e.g., applications, infrastructure),

e) Document between 50-100 services/applications (including but not limited to the VMware Hosting Service, Printing Service, Internet Access Service, Core Network Services (DNS, DHCP, etc.), Network Switching Infrastructure, Network Load Balancing Service, and SharePoint Infrastructure Service, as well as some of the business applications such PMIS (HR), ERP, etc.)

f) Demonstrate the completed CMDB structure for business services and applications.

3) The maintenance, development and integrations of the CMDB:

a) Contribute to the development and integration of the BMC CDMB,

b) Contribute to the development and integrations of BMC Asset Management (ver.20.02 or newer),

c) Support the operations of BMC ITSM, BMC CMDB, BMC Asset Management, BMC Discovery (ver.20.02 or newer) with expertise.

4) The accuracy, actuality and consistency of data within the CMDB:

a) Maintain the BMC Asset Management (ver. 20.02 and newer), BMC CMDB (ver. 20.02 and newer), BMC Discovery (ver. 20.02 and newer) and Lansweeper to be accurate, up to date, and consistent across all systems,

b) Collaborate with other IT teams to ensure that the CMDB is aligned with the overall IT infrastructure and service management processes,

c) Establish rules and validation mechanisms to maintain data integrity and consistency between the discovery products and the CMDB,

d) Implement data cleansing and normalization processes to address potential discrepancies or inconsistencies.

The contractor will work 20% remotely, providing services during Core working hours of the ACPV Programme Management Function team (NATO HQ - Brussels / BEL).

The measurement of execution for this work is sprints, with each sprint planned for a duration of 1 week.

4 DELIVERABLES AND PAYMENT MILESTONES

The following BASE deliverables are expected from the work on this SoW in 2024:

Deliverable:  5 sprints

Payment Milestones: Upon completion of all sprints (at the end of the work).

The NCIA reserves the possibility to exercise a number of options in the year 2024, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.

2025 OPTION: 01 January 2025 to 31 December 2025

Deliverable: Up to 44 sprints

Payment Milestones: Upon completion of each fourth sprint and at the end of the work.

The NCIA reserves the possibility to exercise a number of options in the year 2025, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the project authority.

5. COORDINATION AND REPORTING

The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via digital means using conference call capabilities, according to the manager’s / team leader’s instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCI Agency Project Manager mentioning briefly the work held and the development achievements during the sprint.

At the end of the project, the Contractor shall provide a Project Closure Report that is summarizing the activities during the period of performance at high level.

6. SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

The BASE period of performance is as soon as possible but not later than 18 November 2024 and will end no later than 20 December 2024.

If the 2025 OPTION is exercised, the period of performance is 01 January 2025 to 31 December 2025.

7. CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.

All documentation etc. will be stored under configuration management and/or in the provided NCI Agency tools.

8. SECURITY AND NON-DISCLOSURE AGREEMENT

The candidate has to be in possession of a valid NATO SECRET security clearance at contract start in order to facilitate follow-on engagements and coordination at NATO venues.

The signature of a Non-Disclosure Agreement between the contractor contributing to this task and NCIA will be required prior to execution.

9. PRACTICAL ARRANGEMENTS

The contractor will be required to work approximately 20% remote, 80% onsite in Brussels, BEL as part of this engagement. The ACPV Programme Management Function Team is located in BRUSSELS / BEL, with working hours to be adjusted accordingly.

The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.

The contractor may be required to travel to other NATO locations as part of his role. Travel expenses for missions to other NATO/NCIA locations rather than NATO HQ in Brussels will be reimbursed to the individual directly (outside this contract) under NATO rules.

Regular travel costs to and from main location of the work (NATO HQ) are out of scope and will be borne by the contractor.

This work must be accomplished by one contractor.

The Purchaser will provide the Contractor with the following Purchaser-Furnished Equipment (PFE):

Access to NATO sites, as required, for the purpose of executing this SOW.

Workspace (needed business IT for both on- and off-site work, hot-desk at NATO HQ facility).

NCIA “REACH” laptop to be used by the contractor for the execution of the contract.

10. REQUIRED PROFILE

[See Requirements]

11. DESIRABLE PROFILE

[See Requirements]

Requirements

8. SECURITY AND NON-DISCLOSURE AGREEMENT

  • The candidate has to be in possession of a valid NATO SECRET security clearance at contract start in order to facilitate follow-on engagements and coordination at NATO venues.

10. REQUIRED PROFILE

The contractor(s) that is going to perform the identified tasks as BMC Remedy CMDB Expert must have demonstrated skills, knowledge and experience as listed below.

The objective of the work is to design, create, and implement processes that ensure the data in the BMC Remedy CMDB is up to date and accurate by integrating with discovery products, normalizing and reconciling data, and implementing rules and automation where possible.

  • Experience (proven record) in designing and creating processes for integrating discovery products, such as Lansweeper and BMC Discovery, with the BMC Remedy CMDB.
  • Experience (proven record) in creating or updating the structure of basic IT services and applications in the CMDB to enable service-based operations, such as service and application availabilities.
  • Ability to deduce the structure of the service/application and to define the hierarchical and functional links in the CMDB for CIs. This involves creating or updating other aspects of the documentation, such as Visio diagrams and metadata on the Service Documentation Portal.
  • Ability to document between 50-100 services/applications, including but not limited to the VMware Hosting Service, Printing Service, Internet Access Service, Core network services (DNS, DHCP, etc.), Network Switching Infrastructure, Network Load Balancing Service, and SharePoint Infrastructure Service, as well as some of the business applications such PMIS (HR), ERP, etc.
  • Experience (proven record) in developing and implementing rules for normalization and reconciliation of data in the CMDB.
  • Ability to ensure that data in the CMDB is accurate, up to date, and consistent across all systems.
  • Ability to develop and to implement automation for the processes to reduce manual effort and increase efficiency.
  • Ability to collaborate with other IT teams to ensure that the CMDB is aligned with the overall IT infrastructure and service management processes.
  • Ability to provide technical guidance and to support to other team members and stakeholders.
  • Good communication and writing skills in English.

Itis important to note that this profile does require in-depth application knowledge of following:

  • In-depth application knowledge of BMC CMDB 20.02
  • In-depth application knowledge of BMC ITSM 20.02
  • In-depth application knowledge of BMC Discovery 20.02
  • In-depth application knowledge of BMC SRM 20.02
  • In-depth application knowledge of BMC ATRIUM Integrator 20.02.

11. DESIRABLE PROFILE

The candidate should also ideally have knowledge and experience in the following areas:

  • Experience in working with NATO.
  • Experience of working with NATO Communications and Information Agency.
  • Experience of working with national Defence or Government entities.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  4  0  0

Tags: Automation C Clearance DNS ERP IT infrastructure NATO Scrum Security Clearance SharePoint VMware Vulnerability management

Perks/benefits: Gear Startup environment

Region: Europe
Country: Belgium

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.