Awarded to LHi Group Ltd

Start date: Thursday 27 August 2020
Value: £66,825
Company size: SME
Scottish Enterprise

P21-0045 Cyber Security Specialist

21 Incomplete applications

21 SME, 0 large

44 Completed applications

43 SME, 1 large

Important dates

Monday 6 July 2020
Deadline for asking questions
Wednesday 8 July 2020 at 11:59pm GMT
Closing date for applications
Monday 13 July 2020 at 11:59pm GMT


Specialist role
Cyber security consultant
Summary of the work
SE has recently completed a Cyber Essentials Plus (CE+) Maturity Audit and is seeking to progress to CE+ accreditation in October 2020. You will support the development and implementation of the action plan to secure and maintain accreditation at level 3 – effective application of controls – across our systems and development across our Organisation.
Latest start date
Monday 3 August 2020
Expected contract length
5 months with an optional 3 month extension
Organisation the work is for
Scottish Enterprise
Maximum day rate
£800 excluding VAT and including all expenses

About the work

Early market engagement
Who the specialist will work with
Working within an Agile service design, delivery and support team of circa 30 people responsible for digital transformation activities across the organisation. It’s a multidisciplinary team with software developers, testers, designers, user researchers, Dynamics developers, service designers, project managers and product owners. The Cyber Specialist will work on all areas of the security controls required to maintain and secure our real estate
What the specialist will work on
Will support the development and implementation of SE’s CE+ Implementation Plan to secure accreditation in October 2020. Primarily the role will initially focus on:

Information Governance – this will include the relevant policies and procedures required and will work alongside our DPI Governance Officer

Technical Development – this will include the requirements for our Solutions Architects, DevOps and QA teams to meet CE+ standards

Policies and Procedures related to the secure management of our services – this will include both our existing services as well as the approach to new services including guidance for the procurement of goods and services.

Work setup

Address where the work will take place
Initial work will take place remotely while offices are closed due to the Covid-19 pandemic restrictions.
When available, work will take place at
Scottish Enterprise
Atlantic Quay (Security clearance required)
150 Broomielaw
G2 8LU
Scottish Enterprise
Atrium Court
50 Waterloo Street
G2 6HQ
Working arrangements
The supplier is expected to supply a resource to work as part of the Service Assurance team. A core team is based in Glasgow city centre and works standard working hours of 9-5 Mon-Fri. It is expected that the resource would be available for physical (post Covid-19 restrictions) and online meetings and co-working at regular scheduled times, but remote working is available as long as delivery is not affected.

This role is outwith IR35 (it doesn't apply)
Security clearance
Baseline Personnel Security Standard level clearance is required for this role.

Additional information

Additional terms and conditions
SE has identified that the Supplier will be a controller for the purposes of the Data Protection Law for any and all personal data it provides in support of its bid (including but not limited to contact details and CVs). Suppliers must therefore ensure that they have a lawful ground under the Data Protection Law to share such personal data with SE for the purposes of this bid and provision of the Services. SE will be the controller of any personal data it processes in accordance with this procurement process.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience and strong understanding and appreciation of a digital services design and development cycle
  • Expert knowledge of cyber security and cyber security technologies and experience of the Cyber Essentials Plus standards in digital service design and delivery
  • Proven track record and experience in developing cyber security policies and procedures, as well as successfully executing programs that meet business objectives
  • Establishing the requirements for ongoing service monitoring of threats and vulnerabilities
  • Excellent communication and engagement skills working at all levels from senior stakeholders to technical teams
  • Strong team player
  • Able to respectfully challenge and advise on ways to improve business practices where this impacts the effectiveness and security of ongoing service delivery
  • Excellent problem-solving and analytical skills, and able to collect information, analyse, report and advise on evidence-based changes
  • Strong risk management approach to delivery and able to apply risk methodologies within an agile development environment
Nice-to-have skills and experience
  • Experience and strong understanding and appreciation of Azure Cloud based environments and inbuilt security tools
  • Experience of the Umbraco web platform
  • Experience of Microsoft Dynamics
  • Understanding of Enterprise Architecture implications of information security controls
  • Experience of the preparation of security focussed procurement requests for goods and services
  • Experience of incident management processes
  • Knowledge of Digital First Service Assessment standards
  • Sound understanding of SE’s business objectives, processes and structure etc
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
Cultural fit criteria
  • Work as part of an agile team, helping others with priority tasks as required.
  • Be transparent and collaborative in decision making
  • Take responsibility and ownership of tasks
  • Challenge the status quo
Additional assessment methods
  • Reference
  • Interview
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Is there an incumbent already in the role?
If there is – how likely are you to replace them?
There is no incumbent in place
2. The spec mentions security clearance is required to be onsite in the location and then highlights only BPSS level clearance is required.
For the avoidance of doubt can you please confirm the minimum and ideal level of clearance needed for this post?
The minimum would be BPSS, any additional clearance will be an extra but we will just compare against BPSS.
3. Is there any flexibility in the number of days worked each month? For example, working 4 days/week?
As it’s a short sharp focus we have a preference for FTE of 5 days per week. Given our current working pattern from home, though, happy if the contracted hours were divided over 4 days.
4. To clarify on days worked – if the specialist were to undertake 40 hours/week over 4 days and doing so didn't impact the delivery of services, this would be acceptable?
5. Has the recently advertised vacancy for a Cyber Security Specialist (closing date 7th July) been filled at SE? If so, where will this person fit in with the consultancy requirement?
Not yet (in shortlisting). This is a permanent recruitment, and the contractor will work alongside the security specialist for the duration of the contract.
6. What cyber security services delivery capability is in place for Scottish Enterprise currently? (In-house/outsourced/non-existent?)
A mix of SE specialists and via the Security Operations Centre (SOC) delivered by our partnership from Enterprise IS (EIS).