Defence Online

Type of document: Contract Notice
Country: United Kingdom

1. Title: CRP – SECURE AT REACH – CYBER SECURITY SPECIALIST A
2. Awarding Authority: Strategic Command (UKStratCom) part of the Ministry of Defence (MoD), GB. Web:
3. Contract type: Service contract
4. Description: Specialist role Cyber security consultant
Off-payroll (IR35) determination Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company
Summary of the work Support the project with strategic technical implementation of cyber risk assessment and solution proposals to mitigate or remediate cyber risks.
5. CPV Code(s): 72000000, 72212730
6. NUTS code(s): UKK, UKK1, UKK15, UKI
7. Main site or location of works, main place of delivery or main place of performance: Location No specific location, for example they can work remotely
Work setup
Address where the work will take place London / Corsham (DD CRP) / Occasional Work at UK Military Sites.
8. Reference attributed by awarding authority: Not provided.
9. Estimated value of requirement: Maximum day rate £1125.41 (exc VAT) Daily Rate
10. Closing date for applications 25.1.2023 (23:59:00).
11. Address to which they must be sent: For further information regarding the above contract notice please visit:
12. Other information: Deadline for asking questions Wednesday 18 January 2023 at 11:59pm GMT
Latest start date Monday 6 March 2023
Expected contract length 12 months, with an option to extend by a further 6 months, subject to financial approvals.
About the work
Early market engagement Not applicable.
Who the specialist will work with Working with Project Manager and Project Technical Lead. Specialist will be part of the core team and will work within the core team to establish work streams that will involve different suppliers where applicable.
What the specialist will work on To develop a proven & robust process, backed up with policy and technology that will provide cyber risk identification and reduction in the deployed environment. This also include the provision of high priority risk reduction where required.
Working arrangements Hybrid working, where the core team will meet at least once every week (London) and work with assessment locations, e.g. base station of an operation. This will be determined based on the work being undertaken.
Security clearance Minimum of SC level clearance, DV-held preferred. Clearance must be in place prior to the contract start date and remain valid for the contract duration.
Additional information
Additional terms and conditions T&S will be reimbursable when travelling to alternate locations (to be confirmed). All expenses must be pre-agreed between the parties and must comply with the MOD Travel and Subsistence (T&S) Policy.
Off-payroll working rules apply (IR35 in-scope). Any Personal Services Company (PSC) candidates will require to come through an umbrella company.
Risk Assessment Ref: RAR-639719124
Cyber risk profile: High
Potential bidders are required to complete a Supplier Assurance Questionnaire (SAQ) against the security controls appropriate to the risk level. Tenderers should complete their SAQ using the form in the following link:
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Essential skills and experience
Proven track record of delivering defined cyber security consultancy services [5%]
Experience of implementing cyber security controls and solutions within an operational technology (OT) environment [7.5%]
Providing cyber security guidance on critical infrastructure within broad or targeted range of complex systems through normal vs. abnormal contexts of operation [7.5%]
Providing cyber security governance, performing cyber security assessments, and providing risk assessment methodologies with outcomes to determine cost effective solution [7.5%]
Experience in development of controls, procedures, policies to provide cyber security risk mitigations whilst meeting both operational and regulatory requirements [7.5%]
MoD Background or Military with joint effects background preferred [5%]
Nice-to-have skills and experience
Have critical national infrastructure projects experience) [2.5%]
Proven experience / expertise in Assessment of Operational Technology / Internet of Things systems using IEC 62443 or relevant frameworks e.g. NIST CSF, CAF or others [5%]
Assured Consultant certified through the NCSC [+Security+Consultancy] [5%]
Management of multiple external stakeholders to the project and resolve any impediments around prioritisation of work required alongside other competing priorities.[5%]
Relevant Certified Cyber Professional (CCP) qualifications [2.5%]
How suppliers will be evaluated
All suppliers will be asked to provide a work history.
How many specialists to evaluate 3
Cultural fit criteria
Work as a team with our organisation and other suppliers [collaboration across defence and its service providers] [5%]
Be transparent and collaborative when making decisions [Recording all artefacts that support the decision making / rational] [5%]
Take responsibility for their Work [Accountability – ability to identify potential blockers, working with multiple stakeholders / contributors to transparently achieve resolution] [5%]
Share knowledge and experience with other team members [Building the project knowledge based through sharing of information / artefacts / documentation to support onboarding and growth within organisation. [5%]
Additional assessment methods Interview
Evaluation weighting
Technical competence
60%
Cultural fit
20%
Price
20%
Questions asked by suppliers
Is there a current incumbent or preferred supplier for this role? There is no incumbent or preferred supplier for this requirement.
Is there an incumbent? There is no incumbent supplier for this requirement.
Is this definitely inside of IR35? The requirement is inside IR35, Ref the advert: Off-payroll (IR35) determination: Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company.
TKR-2023112-EX-1530435