Requirement: Cybersecurity Scorecard Assessment and Coordination Support
Location: Offsite: NATO Country (70%), On-site: NHQ Brussels (25%), Site-visits: Various NATO Countries (5%)
Cost Not to Exceed: EUR 194,400 (maximum, if all optional units exercised)
Period of Performance: 2026 BASE: 13 July (tentative) to 31 December 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Special Terms and Conditions: Non-disclosure agreement must be signed
Objective:
- The objective of this engagement is to provide assessment and coordination support for enterprise
cybersecurity governance activities, specifically supporting the NATO Enterprise Cybersecurity
Scorecard (The Scorecard) process. - The contractor will assist CDT in performing assessments, coordinating stakeholders, supporting
analytical and reporting activities and ensuring that Scorecard process is executed in a structured,
consistent and traceable manner.
The contractor shall support the execution of the annual NATO Cybersecurity Scorecard Assessment
(the Scorecard) cycle by assisting CDT with planning, coordination, oversight, data consolidation and
reporting activities.
In addition to coordination and governance support activities, the contractor shall also perform the
cybersecurity assessments required for the Scorecard cycle, including conducting interviews or
workshops with relevant stakeholders, collecting assessment inputs and documenting assessment
results.
Activities within the scope include:
- Supporting preparation of the annual Scorecard execution approach and planning
documentation - Preparing assessment materials, including questionnaires, interview guidance and data
collection templates - Coordinating and conducting cybersecurity assessments of the identified entities through
remote sessions and on-site engagements - Engaging with relevant stakeholders to collect assessment inputs and supporting information
- Documenting assessment results and maintaining structured records of assessment outputs
- Maintaining tracking documentation for the Scorecard, including assessment progress and
identified issues. - Maintaining oversight documentation such as tracking dashboards, issue logs and status
summaries - Consolidating assessment inputs and maintaining structured datasets supporting Scorecard
scoring and analysis - Supporting preparation of Scorecard reports and presentation materials
- Proposing improvements to Scorecard methodology, KPIs, survey questions or scoring logic for
CDT's consideration.
Deliverables section of this Statement of Work.
Work Execution:
- The services will primarily be executed remotely.
- The contractor is expected to maintain a regular on-site presence at NATO Headquarters (Brussels),
estimated at approximately one week per month, to support coordination with the Scorecard team
and related activities. - In addition, the contractor shall perform on-site engagements as required, including visits to
participating NATO Entities to support maturity assessments, surveys and related activities. - Occasional travel to the Hague may be required for project coordination purposes, as directed by NCIA
PM in consultation CDT. - The Contractor's personnel is expected to follow the Purchaser's working hours—Monday to Thursday
from 08h30 until 17h30 and Friday from 08h30 until 15h30 and observe Purchaser's official holidays.
The Purchaser's official holidays may differ from the public holidays in the Host Nation. - This Task Order requires scheduled travel as detailed above, consisting of up to 4 visits to NCIA The
Hague (1 per quarter) for a maximum of 1 working day each visit. The travel, lodging and associated
expenses for travel are included in the price of the bid (NTE), such that the purchaser shall not be
invoiced. - Extraordinary Travel (Purchaser Directed Travel) may be required to other NATO or non-NATO
locations as necessary. In the event of such unforeseen travels being called, the cost of all travel and
subsistence will be addressed through a contract amendment. - Extraordinary Travel expenses will be reimbursed in accordance with Article 5.5 of AAS+ Framework
Contract. Such costs will be set as a separate PO line with a not to exceed value to cover and reimburse
of actual expenses upon submissions of all receipts and invoices in line with NCIA processes.
- Expertise in Cyber Security: Minimum 5 years of professional experience in cyber security with a focus on analytical assessment, scorecard development and performance metrics, including a strong understanding of Cyber Incident Management, Defensive Cyberspace Operations, Enterprise Risk Management and Cyber Threat Intelligence Analysis and Sharing.
- Experience in Metrics and Measures Development: Minimum 3 years of experience in developing meaningful and actionable cybersecurity metrics and measures.
- Methodology Development Skills: Minimum 3 years of experience in developing, refining and updating methodologies for assessing cybersecurity maturity and performance.
- Data Analysis and Visualization Proficiency: Strong skills in data analysis and the ability to create insightful visualizations for complex data sets. Familiarity with modern data visualization tools is essential, particularly PowerBI.
- Communication Skills: Strong written and verbal communication skills for engaging with various stakeholders and facilitating enterprise-wide assessments.
- Autonomous Working Capability: Capable of performing effectively and efficiently with minimal supervision.
