Awarded to BAE Systems Applied Intelligence Limited

Start date: Wednesday 3 June 2020
Value: £279,000
Company size: large
Highways England Company Limited

Information Rights and Security Outcomes

28 Incomplete applications

24 SME, 4 large

41 Completed applications

29 SME, 12 large

Important dates

Friday 13 March 2020
Deadline for asking questions
Tuesday 17 March 2020 at 11:59pm GMT
Closing date for applications
Friday 20 March 2020 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
As Industry leading partners to work with us to manage and maintain the confidentiality, integrity and availability of data and information assets, through definition, implementation and maintenance of information policies and operational controls at Highways England resulting in robust Information Rights and Information Security services.
Latest start date
Monday 6 April 2020
Expected contract length
12 months approximately
South West England
Organisation the work is for
Highways England Company Limited
Maximum day rate

About the work

Early market engagement
Who the specialist will work with
Chief Data Officer, Chief Information Officer, Senior Information Risk Officer, IT senior leadership team, Risk, monitor and audit roles, Economic & finance roles, Senior customers of Information & Technology products and services, Project managers, NCSC, DFT, Cabinet Offices GDS team, Information Commissioners Office. Information Rights Team members and Information Security Team members.
What the specialist will work on
As an industry leader, review organisational compliance with relevant Information Rights/Security standards/legislation and monitor requirements. Including but not limited to FOI/DPA/ NISD/PSN as provider of Critical National Infrastructure.
Using industry standards to assess/review resource/demand management of information and Security Services ensuring provision/ maintenance of sufficient management systems/lead resources to prevent, detect, respond to/mitigate threats preventing loss of confidentiality/integrity/availability of information assets.
Using industry standards and best practice to review, assess/implement policies, processes and systems to manage the continuity of information services and the recovery of information systems, services in the event of crisis, disaster or other unforeseen circumstances

Work setup

Address where the work will take place
Base location Manchester or Bristol with travel to other locations such as Birmingham, Leeds, London, Bedford, Guildford.
Working arrangements
Monday to Friday with a base at either Manchester or Bristol, as many of the Key Contacts are in these locations. Travel will be required between these sites and Birmingham. Travel to other locations may be necessary. Face to face and video calls will be required, travel may be required 2-3 days a week depending on base location.
Security clearance
Security Check (SC)

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Provides an expert understanding, ability to apply security concepts to a technical level, at the highest levels of risk complexity
  • Able to effectively translate and accurately communicate security and risk implications at the most senior levels across technical and non-technical stakeholders, and able to respond to challenge.
  • Able to manage stakeholders’ expectations across high-risk and complexity or under constrained timescales
  • Ensures data governance supports changes to the organisational strategy. Aligns data governance with wider governance (e.g. budget).
  • Assures corporate services by understanding key risks and mitigation through assurance mechanisms.
  • Detailed knowledge in information security, able to design, quality review, quality assure solutions/services with security controls embedded, specifically engineered as mitigation against security threats as core part of solutions/services.
  • Strong knowledge of system architectures. Able to understand and articulate impact of vulnerabilities on existing/future designs, systems and how easy or difficult it will be to exploit these vulnerabilities.
  • Capable of shaping and influencing government strategy.
  • Develops and sets data standards across multiple subject areas.
  • Knowledge and experience of Network and Information Systems Directive, ISO27001, General Data Protection Act (including ROPA), Freedom of Information Act
  • To provide technical support to the Information Technology Directorate working for the Chief Data Officer.
Nice-to-have skills and experience
  • Understands how metadata repositories can support different areas of the business. Promotes and communicates the value of metadata repositories.
  • Designs data architecture dealing with problems that span different business areas. Draws links between problems to reach common solutions. Works across multiple subject areas, a single large/complicated subject area.

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Take responsibility for their work
  • Challenge the status quo
  • Be comfortable standing up for their discipline
  • Keep ourselves and others safe, above all else
  • Open, honest and professional, respect and value the contribution others make, do what we say, always do the right thing
  • Work together effectively to achieve our goals, work efficiently and flexibly, listen to others and communicate clearly
  • Take accountability, learn from failure and celebrate success, agree stretching goals and delivering them, maintain focus on our imperatives
Additional assessment methods
  • Reference
  • Interview
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. There is another active opportunity with similar requirements from Highways England. Are these two different roles? Please see:
These are different roles.
2. Referring to the question posted earlier- and your response. The other previous role has been taken down, so are we correct to assume this has replaced the previous Head of Information role??
3. will SC be sponsored for suitable candidates
Canditiates for this service should be SC cleared before commencing.
4. Will you support SC clearance for an SC eligible candidate?
Candidates for this service should be SC cleared before commencement.
5. Is there an incumbent delivering this role? If there is, will the incumbent be involved in the assessment, review or selection of suppliers for this specialist role?
There is an incumbent. Depending on timescales they may be involved in the assessment, review of suppliers.
6. Are expenses from a base location included in the day rate?
Travel expenses will be paid on top of the day rate, if travel is necessary to other locations.
7. Do you have an incumbent for this role currently?
8. Is the start date of 6th April a certain or is it likely it will be later than this due to it already being so close – taking onboarding time into account etc.
Our specialist is available from 27th April, will this be too late?
The 6th April is the preferred start date, or as near to this date as possible.
9. Will travel and expenses be excluded from the £1200 day rate? Also, is the £1200 excluding VAT?
Reasonable Travel expenses will be paid on top of the day rate, if travel is necessary to other locations in line with the Highways England Travel and Subsistence policy. The £1200 figure is net, before VAT.
10. Will this role be outside IR35?
Yes, outside IR35
11. Is the role deemed to be Outside of IR35 ?
12. What is the IR35 Status of this contract?
This role is outside IR35
13. Is the role inside or outside of IR35?
Outside IR35
14. Is the position inside or outside of IR35?
Outside IR35
15. Is this specialist role considered outside IR35?
Yes, outside IR35
16. Is it outside IR35?
17. Is opportunity Inside or Outside IR35?
Outside IR35
18. "The 1st question (below) has a link which directs to the same job – there is no difference in the job specs and impossible to differentiate between the two – could the other opportunity be more explicit?
1. There is another active opportunity with similar requirements from Highways England. Are these two different roles? Please see:
there is only one role active:
19. Could you please confirm the IR35 determination for this role?
Outside IR35
20. Will the incumbent be reapplying for this role in competition with specialists who will be applying?
We don't know who will apply or not.
21. Referring to the incumbent & how this has replaced the previous head of information rights.
Is the reason for this role that the incumbent is going on maternity leave?
The requirement for the role is to work on reviewing organisational compliance with relevant Information Rights/Security standards/legislation as specified in the opportunity.
22. Is Highways England currently accredited or working towards accreditation to a particular security management standard?
We are not ISO 27001 certified
23. Will the work involve assessing specific technical systems for compliance with security management policy and procedure?