Cybersecurity Scorecard Assessment and Coordination Support

Duties

• Supporting preparation of the annual Scorecard execution approach and planning documentation.
• Preparing assessment materials, including questionnaires, interview guidance and data collection templates.
• Coordinating and conducting cybersecurity assessments of the identified entities through remote sessions and on-site engagements.
• Engaging with relevant stakeholders to collect assessment inputs and supporting information.
• Documenting assessment results and maintaining structured records of assessment outputs.
• Maintaining tracking documentation for the Scorecard, including assessment progress and identified issues.
• Maintaining oversight documentation such as tracking dashboards, issue logs and status summaries.
• Consolidating assessment inputs and maintaining structured datasets supporting Scorecard scoring and analysis.
• Supporting preparation of Scorecard reports and presentation materials.
• Proposing improvements to Scorecard methodology, KPIs, survey questions or scoring logic for CDT’s consideration.
• A structured plan describing the execution approach for the annual Scorecard cycle.
• Operational dashboard used to track progress of Scorecard assessments.
• Preparation of the documentation and tools required for collecting the Scorecard survey inputs from entities.
• Workshops introducing the Scorecard methodology and explaining the survey completion process to participating entities.
• Periodic engagement with each entity to obtain a completed survey.
• Structured log documenting questions, clarifications and guidance provided to entities during the survey completion period.
• Reports documenting the maturity assessment sessions conducted during on-site Scorecard assessments.
• Structured spreadsheets containing aggregated results derived from the survey responses and maturity assessment inputs.
• Analytical dashboard used to visualize the aggregated results of the Scorecard assessments.
• Analytical documentation identifying key observations and trends derived from the Scorecard results.
• The final Scorecard report summarizing the results and key findings of the Scorecard cycle.
• Presentation material summarizing the key findings of the Scorecard process for governance stakeholders.
• At the end of each milestone, the Contractor shall report the completion and achievements to the NCIA POC via email for each resource providing services under this SoW.

Requirement

• Contractor personnel must have a minimum 5 years of professional experience in cyber security with a focus on analytical assessment, scorecard development and performance metrics.
• Personnel must demonstrate a strong understanding of the cybersecurity processes such as Cyber Incident Management, Defensive Cyberspace Operations, Enterprise Risk Management and Cyber Threat Intelligence Analysis and Sharing.
• Contractor personnel must have a minimum 3 years of experience in developing meaningful and actionable cybersecurity metrics and measures.
• Contractor personnel must have a minimum 3 years of experience in developing, refining and updating methodologies for assessing cybersecurity maturity and performance.
• Contractor’s personnel must have strong skills in data analysis and the ability to create insightful visualizations for complex data sets.
• Familiarity with modern data visualization tools is essential – particularly PowerBI.
• Contractor personnel must demonstrate strong written and verbal communication skills for engaging with various stakeholders and facilitating Enterprise-wide assessments.
• The contracted individual must be capable of performing effectively and efficiently with minimal supervision.
• The resource(s) providing services under this SOW must be in possession of a security clearance of NATO SECRET or above.