Her Majesty's Passport Office

Her Majesty's Passport Office - Cyber Security Architect

Incomplete applications

10
Incomplete applications
9 SME, 1 large

Completed applications

10
Completed applications
8 SME, 2 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 20 June 2018
Deadline for asking questions Friday 22 June 2018 at 11:59pm GMT
Closing date for applications Wednesday 27 June 2018 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Specialist role Cyber security consultant
Summary of the work Design & deliver, secure (agile driven), cloud based, security architecture. Ensure that specified security controls/counter-measures mitigate, minimise, or treat discovered risks are pragmatic, appropriate and cost effective
Technical assurance of projects to ensure they comply with the security architecture, covers both new systems and their integration with legacy.
Latest start date Tuesday 31 July 2018
Expected contract length 24Months total-Initial 12months-further period up to 12months depending on business need&performance
Location London
Organisation the work is for Her Majesty's Passport Office
Maximum day rate The maximum day rate has been left blank intentionally; we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Early market engagement
Who the specialist will work with You will work as part of a Technical Design Authority who are responsible for specific domains.
They will need to collaborate closely with delivery teams in a multi-supplier environment.
What the specialist will work on 1. Defining the security architecture for our digital platform (Platform, endpoints, networks & application)
2. Demonstrating how security architecture addresses technical risks identified by independent IA team
3. Assuring end to end technical security where shared solutions are being used
4. Focus is on cloud architectures but will also include Crown Hosted solutions where applicable

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place London, Westminster
Working arrangements Typically on-site with wider team and clients in an Agile environment. Some site visits. Use of Confluence, Jira and ardoq are the tools used to track progress against deliverables.
Security clearance SC Clearance is required. HM Passport Office will support the clearance process.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Have proven track record of designing accredited cloud based security architectures for large and complex organisations
  • Have in depth knowledge of AWS security tools, open source security controls and experience of Automated security testing tools
  • In depth understanding of cloud technologies. Specifically, secured cloud solutions previously on cloud platforms (e.g. MS, AWS, Google, Skyscape )
  • Experience of a broad range of networks and underlying IT technologies and environments (e.g. container technologies like Docker and Kubernetes)
  • In depth understanding of cloud based, open source and traditional security technologies, controls and an in depth understanding of security specific protocols (e.g. TLS, Kerberos and SAML)
  • Lead IA/Security Architect (LCCP) and Certified Senior Information Risk Adviser (SCCP)
Nice-to-have skills and experience
  • Experience of HMPO systems or similar government operational systems and scale
  • Experience of GDS best practices

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many specialists to evaluate 3
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Be transparent and collaborative
  • Be comfortable standing up for their discipline
  • Have a no-blame culture and take responsibility for their work
Assessment methods Work history
Evaluation weighting

Technical competence

65%

Cultural fit

15%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. What is the IR35 status? We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
2. Does the Architect need to hold BOTH Lead IA and Senior SIRA qualifications, or one of? Yes, the Architect needs to hold BOTH Lead IA and Senior SIRA qualifications.
3. Can the Architect hold Senior IA certificate instead of Lead Status? The Architect needs to have lead status.
4. Is this role full time? Yes
5. Can you confirm you need the individual to hold Senior SIRA status? Would ex-CLAS be sufficient? The individual needs to hold Senior SIRA status. ex-Class is NOT sufficient.
6. Is there a current incumbent with his/her contract coming to an end? There is currently an incumbent currently in the role.
7. Could you please confirm the pay rate for the Cyber Security Architect role. The day rate has been left blank intentionally; we will assess the day rate for suppliers using the evaluation weighting we have disclosed on the requirements.
8. Please can you advise if the incumbent consultant is permitted to submit a response to this requirement? The present incumbent supplier can submit a response for this opportunity should they wish.