MoD
Cyber Attack Recovery Planning (CARP) Cyber Security Business Analyst
7 Incomplete applications
6 SME, 1 large
11 Completed applications
10 SME, 1 large
Important dates
- Published
- Tuesday 3 May 2022
- Deadline for asking questions
- Thursday 5 May 2022 at 11:59pm GMT
- Closing date for applications
- Tuesday 10 May 2022 at 11:59pm GMT
Overview
- Specialist role
- Business analyst
- Off-payroll (IR35) determination
- Supply of resource: the off-payroll rules will apply to any workers engaged through a qualifying intermediary, such as their own limited company
- Summary of the work
- There is a requirement to deliver short-term outputs/gains to develop MOD capability to 'Recover' from a Cyber-Attack. The Discovery Phase for Cyber Attack Recovery Planning (CARP) highlighted 14 areas where immediate benefit can be realised in defence recovery. The requirement involves enabling an improved stance against these areas.
- Latest start date
- Wednesday 25 May 2022
- Expected contract length
- The resource is required until the 31st October 2022
- Location
- South West England
- Organisation the work is for
- MoD
- Maximum day rate
About the work
- Early market engagement
- Who the specialist will work with
-
Resilient by Design Project Board
Theme Lead
Cyber Attack Recovery Planning Project Manager
Principal Technical Consultant
Cyber Security Consultant
Defensive Cyber Future - Project Manager - CRP
Policy team - CRP - What the specialist will work on
-
1. Assess the maturity of existing systems and processes based on whether they meet a set of identified recovery best practices (Short Term Gains).
2. Support the Cyber Security Consultant in delivering the technical strategy for enabling an improved stance against the recovery best practices to reduce cyber risk and to improve MOD capability to recover from a cyber attack.
3. Data capture from system owners to measure and report on performance.
Work setup
- Address where the work will take place
- MoD Corsham, MoD London or Remotely
- Working arrangements
-
Your primary location will be a hybrid of remote working, MOD Corsham and possibly MOD Main Building London .
Expenses will be within your daily rate for your regular work location. Additional travel expenses will be available should you need to travel to other sites beyond MOD Corsham,. The MOD supports flexible working (when possible), at the discretion of the programme manager. - Security clearance
- Active SC clearance is required by the start date of the contract and this will not be sponsored by the MOD.
Additional information
- Additional terms and conditions
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
- Essential skills and experience
- Have proven experience within MOD (or a similar sector) and comprehensive knowledge of Cyber security NIST Framework
- Nice-to-have skills and experience
-
- . Worked on similar projects within the cyber 'Recover' space.
- BSc/BA in Computer Science, Engineering or relevant field; graduate degree.
How suppliers will be evaluated
All suppliers will be asked to provide a work history.
- How many specialists to evaluate
- 7
- Cultural fit criteria
-
- Work as a team with our organisation and other suppliers
- Be transparent and collaborative when making decisions
- Have a no-blame culture and encourage people to learn from their mistakes
- Take responsibility for their work share knowledge and experience with other team members
- Additional assessment methods
- Interview
- Evaluation weighting
-
Technical competence
50%Cultural fit
15%Price
35%
Questions asked by suppliers
- 1. Is this inside or outside ir35?
- inside
- 2. Could we know if there is an incumbent consulting partner who has conducted the review culminating in the 14 areas for focus?
- The 14 areas for focus were delivered by a previous delivery partner. There is currently no incumbent.
- 3. Has MoD already conducted a table top exercise to generate these known areas for focus? Are we assuming that the role is concerned with execution activities, please? Many thanks!
- The areas were derived from industry best practices. The role will involve executing a strategy to implement these.