2025-0158 NATO Enterprise ICT Role Mapping (NS) REMOTE - 28 May

Deadline Date:  Wednesday, 28 May 2025
 
Requirement:   NATO Enterprise ICT Role Mapping
 
Location:  Off-Site
 
Not to Exceed:  2025 BASE EUR 113,400, 2026 Options, 2027 Options
 
Period of Performance:  2025 BASE 25 June 2025
 
Required Security Clearance:  NATO SECRET
 
Introduction:

• The NATO Communications and Information (NCI) Academy conducted a proof-of-concept ‘NATO Enterprise Cybersecurity Role Mapping’ initiative in 2023 and 2024as a part of a strategic cybersecurity Learning & Development (L&D) programme for the NATO Enterprise, led by the NATO Office of the Chief Information Officer (OCIO).
• The aim of this initiative was to identify commercial and NATO L&D training solutions via the mapping of NATO Enterprise cybersecurity Job Descriptions (JDs) to the following two industry-standard competency frameworks:
  • National Institute for Cybersecurity Education (NICE)
  • Skills For the Information Age (SFIA)
• NATO is currently standardising the way it describes Information and Communication
  Technology (ICT) roles1 in terms of skills. The NCI Academy is mapping each NATO
  Enterprise ICT role to the SFIA framework, in order to describe the respective skills
  along with their corresponding responsibility levels; and associated L&D training
  solutions.

• Provide Consultancy services to map NATO Enterprise ICT Roles to SFIA, at scale. This includes the subsequent alignment of the SFIA mappings to commercial and NATO L&D training solutions.
• Provide and maintain a secure, Commercial Off-The-Shelf (COTS) web- based platform for hosting NATO ICT role mappings for up to 5000 NATO ICT role profiles. The platform shall support skills analysis, L&D training solution recommendations, review/ validation, quality assurance, and reporting functions. The COTS web-based mapping platform must meet the technical requirements outlined in Annex A.

• Building on the existing mappings of NATO cybersecurity roles, the contractor shall carry out specific tasks for two distinct Work Packages (WPs), as per the respective.

• The contractor shall participate in status update meetings using conference call capabilities, according to the line manager’s instructions.
• For each WP to be considered as complete and payable, the contractor must report the outcome of their work, first verbally during the retrospective meeting and then in writing within three (3) days after the WP due date
• Coordination and progress checks shall be conducted at least twice per month during the period of performance with metrics reporting the work completed and work remaining, and during final report phase. These periodic checks can be accomplished remotely as required.
• All documentation shall be stored under configuration management. The contractor
  shall store files locally and not utilise cloud-based review/ collaboration features. File
  sharing between the contractor and NCI Academy shall take place via methods
  specified by NCI Academy.

• This is a deliverable-based contract.
• The work shall be conducted 100% offsite (e.g. at the contractor’s facilities), no travel
  required.

• Some contractor tasks under this SOW may require handling of information at the
  NATO Restricted (NR) level, in which case a REACH NR laptop will be provided.
  Consequently, in order to accomplish such tasks should these occur, the contractor
  is required to hold a NATO SECRET facility clearance and all contractor personnel
  providing the services under this SOW are required to hold a NATO SECRET security
  clearance, valid for the duration of this contract.
• Therefore, prior to contract award the Contractor shall either:
  • provide the required NATO SECRET security clearance(s) for its staff, OR
  • provide proof to the Purchaser that the required NATO SECRET security
    clearance(s) have been formally requested in accordance with national
    procedures.

• Experience with creating skills-based job profiles for ICT roles using the SFIA
  framework.
• SFIA accredited partner.
• Represented on SFIA Foundation’s Council.
• Experience with mapping job roles in large international organisations to the SFIA framework and relevant organisation specific AND commercial training offerings.
• Experience with operating secure online COTS technical platforms to support competency based talent management/ job role mappings in a large international organisation with a (partially) military staff.
• Experience with visualising SFIA job profiles and associated L&D training recommendations.
• Able to provide a job and competency library that incorporates all functional areas of an organisation, including non-digital skills.
• Mapped learning catalogues to SFIA skills and the capability to map others using AI-enabled tools.
• Demonstrate a close working relationship with the Chartered Institute of Information Security (CIISec) and supports the use of the CIISec framework.
• Demonstrable experience of working with large international organisations and extensive and recent experience with SFIA8 mapping.
• The organisation must demonstrable previous experience of hosting SFIA8 mappings in a secure, online platform, with access limited to users with appropriate credentials and permissions.
• Strong project management skills.