This opportunity is closed for applications

The deadline was Wednesday 28 April 2021
Ministry of Defence

CCT 991 Security Assurance Coordinator to SMOps Interoperability Deployed (Radio) in Defence Digital

7 Incomplete applications

7 SME, 0 large

10 Completed applications

10 SME, 0 large

Important dates

Published
Wednesday 21 April 2021
Deadline for asking questions
Friday 23 April 2021 at 11:59pm GMT
Closing date for applications
Wednesday 28 April 2021 at 11:59pm GMT

Overview

Specialist role
Cyber security consultant
Off-payroll (IR35) determination
Summary of the work
The Security Assurance Coordinator (SAC) will be the main focal point for all Security Assurance related support tasks; dependant on the business need. Checks and balances must be maintained and monitored in accordance with policy and standards and supported by production of a formal document set to achieve accreditation.
Latest start date
Monday 10 May 2021
Expected contract length
9 months with an option to extend for a further 12 months
Location
South West England
Organisation the work is for
Ministry of Defence
Maximum day rate
£766.71, including VAT, any agency fees and travel & subsistence

HMRC employment status check returns - inside off-payroll working rules so (IR35) will apply

About the work

Early market engagement
Who the specialist will work with
Civilian, Military and contractors within the MOD and wider Defence industry
What the specialist will work on
Act as the principal Security Assurance professional for SMOPs Interoperability Deployed (RADIO).
Work closely with each Service Manager, Service Stakeholders, MSP and Authority Security Assurance governance to achieve accreditation and through life management of all live services.
Establish and Chair Security Working Groups to review Security Assurance functions and assure risk is appropriately managed with the correct tools.
Review, assess, address and evidence effective security controls for threats facing the programme through the life of the service.
Support all live services with the production of a formal document set to be maintained in line with policy standards and reviewed annually

Work setup

Address where the work will take place
Defence Digital, Ministry of Defence Corsham

However, at-the-time of-writing, government measures to reduce Covid-19 are in operation and as-such, work should be done remotely and in observance of social distancing and shielding guidance. MOD will continue to observe all government advice in the coming months aimed at reducing the spread of the disease.
Working arrangements
Work onsite 4/5 days a week in Corsham as agreed with the Project Manager in order to support Project Teams in all of their Security Assurance activities.

Currently with Covid19 until the foreseeable future all activity is likely to be remote. Unless it is to attend sight to carryout work on systems not available remotely, but this would be managed in accordance with site COVID policies, Head of Establishment and Head of Department approval and at line management discretion.
Security clearance
Valid SC clearance must be in place prior to the contract starting.

Additional information

Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Have a minimum of three years’ experience within the last five years in an IA role in a similar sized organisation 10%
  • Evidence of high- level plan to your approach for identifying and managing Security Risks, Issues and Dependencies in mature business/project area, including evidence of managing RMADS, managing TSIs 10%
  • Evidence how you have provided Security Assurance documentation to enable an organisation to continue the route to full rollout and adoption of policies and templates within delivery areas 10%
  • Demonstrate experience of conducting Technical security reviews / approvals of Supplier and MoD Design and Test documentation to ensure that it is compliant with Defence Security policy 10%
  • Demonstrate experience of Defence Digital and/or MOD Security Accreditation and MOD Security Assurance process 10%
  • Demonstrate previous working experience of Coordinating technical security documentation in support of CyDR (previously ISS DAIS) to support achievement of accreditation 10%
  • Certified Cyber Professional (CCP) – at least SIRA Practitioner level 10%
Nice-to-have skills and experience
  • Certified Information Systems Security Professional (CISSP) Qualification or Certificate in Security Management (CISM) 5%
  • Associate Member of the Institute of Chartered Institute of Information Security (CIISEC) 5%
  • Member of the British Computer Society 5%
  • Experience of ICT Projects in a similar sized organisation 5%
  • Knowledge of JSP440 & JSP604 5%
  • Specific project experience such as cloud security, apps security 5%

How suppliers will be evaluated

All suppliers will be asked to provide a work history.

How many specialists to evaluate
3
Cultural fit criteria
  • Has experience of delivery in a complex defence IT environment, understanding the challenges and approaches to delivery (25%)
  • Worked as a team with our organisation and other suppliers, including knowledge and experience of scaled Agile ways of working (25%)
  • Remain transparent and collaborative when making decisions (25%)
  • Excellent communication, presentation, collaboration and client/stakeholder engagement skills with a wide variety of grades/positions. (25%)
Additional assessment methods
  • Reference
  • Interview
Evaluation weighting

Technical competence

75%

Cultural fit

5%

Price

20%

Questions asked by suppliers

1. Is there an incumbent and will they be applying?
There is no incumbent
2. Is there an incumbent and will they be applying?
There is no incumbent
3. Will the assignment be deemed outside of IR35?
As stated in the advert the assignment is deemed inside IR35.
4. Is there a current incumbent or preferred supplier for this programme of work?
There is no current incumbent or preferred supplier for this role.
5. Is Wed 28 Apr for submission correct? 5 working days is a very tight turnaround for a Digital Marketplace submission.
Wed 28 Apr is correct deadline. In accordance with Digital Marketplace timelines the requirement will be advertised for 7 days.
6. This rate is too low for someone of this skillset and clearance level if it falls inside of IR35. Is there any flexibility or has a mistake been made on the stated budget?
Rate is correct and has been increased to the maximum to meet requirements.
7. Can the specialist apply for a DV clearance if awarded the bid or do they need this to apply for the role?
A valid SC clearance must be in place prior to the contract starting.
8. Are the MOD able to sponsor the successful candidates DV Clearance?
No
9. For clarity you’ve have stipulated that the role is inside. Can candidates work through umbrella as well as PAYE?
This is a decision for the successful supplier. So long as this is compliant with HMRC rules.
10. Can we reactivate dormant SE & DV clearance for this contact?
Re-activate dormant SC only – but would prefer someone with clearance, due to current delays in clearance.
11. Is there any movement regards rate please? The rate is very low for an inside IR35 and with the knowledge and skills required. We have 3 or 4 specialists who would excel and bring value for money to this role but the cost for this type of specialist far exceeds the stated budget. Please advise.
There is no flexibility on the rate.