Remote NATO ICT role mapping support (NS)

Deadline Date: Friday 8 November 2024

Requirement: NATO ICT role mapping support

Location: Off-Site

Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)“. Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs

Period of Performance: 2025 BASE: As soon as possible, but not later than 6 January 2025 – 31 December 2025 with the possibility to exercise following options:

2026 Option: 1 January 2026 until 31 December 2026

2027 Option: 1 January 2027 until 31 December 2027

Start date as soon as possible but not later than 6 January 2025.

Required Security Clearance: NATO SECRET

1. INTRODUCTION

At present, NATO does not have a standardized way to describe professional roles in the domain of Information and Communication Technology (ICT), nor are the Knowledge, Skills and Attitudes that are required to perform each of these roles successfully standardized.

Building on the previous year’s mapping of NATO Cybersecurity Roles, the aim of this project is to expand the mapping of all ICT roles to the SFIA Framework.

A ‘NATO ICT Role’ refers to a specific function within NATO that individuals occupy and execute. These roles are defined based on the SFIA framework, which serves as an industry-standard for standardizing language and categorizing skills. The scope of this mapping project includes all professionals in NATO who are involved in designing, developing, implementing, managing, and protecting the data and technology that power the digital world.

The project includes the creation of a database with all the acquired NATO ICT roles. The database will allow the identification of required trainings for each NATO ICT role and further analysis, for instance in supporting the forecasting of future training efforts.

2. OBJECTIVES

The scope of all activities is the NATO Enterprise unless otherwise indicated. At its conclusion, this project aims to deliver:

An inventory of all NATO ICT roles

A mapping of NATO ICT roles to the SFIA framework

A mapping of ‘Role to training recommendations’ for NATO ICT roles;

An implemented and accredited platform that enables hosting, analysing and managing all above mappings and creation of visual overviews and mapping reports per role, that can be used for insertion in / adjustment of NATO Job Descriptions (note: adjustment of the actual Job Descriptions is out of scope of this project)

3. SCOPE OF WORK in 2025

The following activities require support in 2025 under this SOW:

Where needed, finalize existing mappings, which focuses on NATO Cybersecurity roles and support the loading of these mappings in to the platform that was selected as Proof of Concept (Lexonis)

Build an inventory of NATO ICT roles and associated ICT Job Descriptions.

For all persona’s and 50% of all NATO ICT roles map the duties to the associated competencies and proficiency levels in the SFIA framework, create references to existing NATO and commercial training programs, and develop an annex and visual overviews to describe the SFIA mappings and training recommendations

Across all mapped NATO ICT roles: generate a cross-entity picture of ICT role training recommendations

Support the evaluation of the 2024 Proof of Concept of the mapping platform (Lexonis), pertaining to the platform’s ability to host, manage and analyse mappings, generate visual and usable reporting, identify required trainings for each NATO ICT role and further analysis, for instance in forecasting future training efforts and conducting competency assessments and function and to be accredited in the NATO IT system landscape, adhering to the associated security policies

Based on the evaluation outcomes, support the acquisition and/or implementation of the selected tool to host and manage all NATO CS and CSI role mappings to industry frameworks

Support the loading of all mappings between NATO ICT roles and industry frameworks to the selected platform

The contractor will work remotely, providing services during Core working hours of the NCI Academy team (Oeiras / PRT).

The measurement of execution for this work is sprints, with each sprint planned for a duration and due date as outlined in table 1 of Section 4 – Deliverables and Payment Milestones.

4. DELIVERABLES AND PAYMENT MILESTONES

The following deliverables are expected from the work on this statement of work:

2025 BASE: 01 January 2025 to 31 December 2025

Deliverable:  Up to 6 Sprints (Number of sprints is estimated considering a starting date of 1 January 2025. This will be adjusted depending on the actual start date.)

Payment Milestones: Upon completion of each sprint and at the end of the work.

The NCI Academy team reserves the possibility to exercise a number of options within the year 2025, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A) including the EBA Receipt number.

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and line manager.

See below for the schedule of 2025 deliverables:

Sprint 1: All missing mappings of NATO Cybersecurity roles from the 2024 PoW have been completed and validated and loaded on the platform that was selected as Proof of Concept (Lexonis) - 1 March 2025

Sprint 2: Evaluation finalized of the 2024 Proof of Concept of the mapping platform (Lexonis) + recommended way forward (i.e. accreditation of Lexonis OR explore other platform options) - 1 April 2025

Sprint 3: Up to 25% of all NATO ICT roles have been mapped to SFIA including training recommendations - 1 June 2025

Annexes and visual overviews have been developed to describe the SFIA mappings and training recommendations – Scope: 25% of all NATO ICT roles - 1 June 2025

All mappings of the 2024 project (focussing on NATO Cybersecurity roles) have been updated where needed - 1 June 2025

Sprint 4: Up to 50% of all NATO ICT roles have been mapped to SFIA including training recommendations - 1 Oct 2025

Annexes and visual overviews have been developed to describe the SFIA mappings and training recommendations – Scope: 50% of all NATO ICT roles - 1 Oct 2025

Overview of activities, work plan and engagement plan for the follow-on work in 2026 - 1 Oct 2025

Sprint 5: Across all mapped NATO ICT roles: generate a cross-entity picture of ICT role training recommendations - 1 Nov 2025

Sprint 6: All mappings between NATO ICT roles and industry frameworks have been loaded to the selected platform (depending on platform availability) - 1 Dec 2025

Final report describing the 2025 mapping outcomes - 1 Dec 2025

2026 OPTION: 01 January 2026 to 31 December 2026

Deliverable: Up to 6 sprints as described on above Table 1 section 4

Payment Milestones: Upon completion of each sprint and at the end of the work.

2027 OPTION: 01 January 2027 to 31 December 2027

Deliverable: Up to 6 sprints as described on above Table 1 section 4

Payment Milestones: Upon completion of each sprint and at the end of the work.

The NCIA team reserves the possibility to exercise a number of options in the respective option years, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.

The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A) including the EBA Receipt number.

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and the project authority.

5. COORDINATION AND REPORTING

The contractor shall participate in status update meetings, sprint planning, and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to line manager’s instructions.

For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report will be aligned with the line manager mentioning briefly the work held and the development achievements during the sprint.

Acceptance of each sprint completion will be documented in Annex A – Delivery Acceptance Sheet.

6. SCHEDULE

This task order will be active immediately after signing of the contract by both parties.

The BASE period of performance is as soon as possible but not later than 6 January 2025 and will end no later than 31 December 2025.

If the 2026 option is exercised, the period of performance is 01 January 2026 to 31 December 2026.

If the 2027 option is exercised, the period of performance is 01 January 2027 to 31 December 2027.

7. CONSTRAINTS

All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the line manager.

All documentation will be stored under configuration management and/or in the provided NCI Agency tools.

All the deliverables of this project will be considered NATO UNCLASSIFIED.

Part of the work may involve handling classified networks, therefore, a security clearance at the right level is expected for the contractor(s) undertaking this service, although the contractor may start working already while the clearance process is ongoing.

8. SECURITY

The security classification of the service will be up to NATO SECRET.

The contractor providing the services under this SOW is required to hold a valid NATO SECRET security clearance

9. PRACTICAL ARRANGEMENTS

The work shall be primarily conducted remote, e.g. at the contractor’s premises, with occasional travel.

Travel costs are out of scope and will be borne by the NCI Agency separately in accordance to the provisions of the AAS+ Framework Contract. He or she will work under the direction and guidance of the NCI Academy Technical Capability Support Section Head or their designated representative.

10. QUALIFICATIONS

[See Requirements]

10. QUALIFICATIONS

The contractor should have the following experience:

Education:

• Master’s degree in Communications, Public Relations, Security related field, and/or multi-year experience doing Digital Transformation in an international environment, OR;
• Bachelor of Education/MSc degree in Human / Organizational Performance, OR;
• Bachelor of Science (BSc) degree in Electronics Engineering, Computer Science/ Software Engineering/ Mathematics/ Electronics or related discipline at a nationally recognized/certified University, with 5 years post related experience, OR:
• A lower academic qualification combined with the demonstration of particular abilities or experience of relevance to this work, with a minimum of 8 years relevant experience.
• Certification in ITIL 4 and/or Agile Project Management
• Demonstrable high level of Digital Literacy and a Cybersecurity certification

Experience:

• More than 6 years’ NATO experience in Education and Training, and more than 6 years’ industry experience in change management and Learning & Development related posts.
• Knowledge of / practical user experience with NATO Cybersecurity Education and Training design and delivery.
• Experience with mapping competencies to industry standard frameworks.
• Experience with mapping NATO specific Cybersecurity job roles to the NICE and SFIA frameworks and related training offerings.
• Experience with working with NCI Agency, NATO Support and Procurement Agency (NSPA) and NATO Enterprise entities (including the NATO Office of the chief Information Officer (OCIO).
• Experience with technical platforms to support competency based talent management / job role mapping (e.g. Lexonis).
• Demonstrable strong and recent existing networks in NATO ACT MDFD, NATO ACT CAP DEV, NATO SHAPE J6, NATO SHAPE J2, NCISG, NATO HQ entities (including JISD) and the NATO Education and Training Facilities (NETFs) community.
• Demonstrated ability to deliver a Learning Architecture and experience with SFIA and NICE frameworks.
• Strong project management skills.
• The candidate has a NATO SECRET security clearance, provided by the national security organization valid at the time of submission of the bid and covering the period of the contract
• Experience with working in an international environment comprising both military and civilian elements.
• Excellent written and verbal communication skills
• Demonstrable experience of working with NATO International Staff (IS) Human Resources (HR) and NATO International Military Staff (IMS) HR with regards to the mapping of Cybersecurity roles
• Demonstrable experience of NATO Lessons Learned process (for the purpose of quality  ssurance).
• Demonstrable experience with collaboration with NATO Enterprise entities in their implementation of the NATO Enterprise Digital Transformation Action Plan.

Language Proficiency

• Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level)