29 Oct 2019

RIIO-2 Cyber Security Submissions Review – Role 2 – Project PMO Support/Analyst – Short Deadline

Type of document: Contract Notice
Country: United Kingdom

1. Title: RIIO-2 CYBER SECURITY SUBMISSIONS REVIEW – ROLE 2 – PROJECT PMO SUPPORT/ANALYST – SHORT DEADLINE
2. Awarding Authority: Gas & Electricity Markets Authority (Ofgem), GB. Web:
3. Contract type: Service contract
4. Description: Understand and map cyber security control requirements (i.e. NIS regulations, industry best practice) against OES’s RIIO-2 submissions.
Review OES’s submission costs, security improvement plans & project timelines.
Perform security reviews, facilitate workshops, producing high quality decision reports covering the assigned OES scope, aligned with compliance & regulatory requirements.
5. CPV Code(s): 72000000, 72700000
6. NUTS code(s): UKI, UKI4, UKI42
7. Main site or location of works, main place of delivery or main place of performance: Location: London
Address where the work will take place: The majority of the reviews will take place on Ofgem’s premises at 10 South Colonnade, Canary Wharf, London E14 4PU
8. Reference attributed by awarding authority: Not provided.
9. Estimated value of requirement: Not provided.
10. Closing date for applications 1.11.2019 (23:59).
11. Address to which they must be sent: For further information regarding the above contract notice please visit
12. Other information:
Deadline for asking questions: Tuesday 29 October 2019 at 11:59pm GMT
Specialist role: Cyber security consultant
Latest start date: Monday 25 November 2019
About the work
Early market engagement
Who the specialist will work with: The Specialist will be working with other Cyber Security specialists working on the RIIO2 OES submissions. The NIS Regulations impose new duties on Operators of Essential Services (“OES”) and give relevant Competent Authorities (“CAs”) new powers and responsibilities to ensure OES are meeting those duties. Ofgem is a joint CA with BEIS, for the Downstream Gas and Electricity sectors in Great Britain.
What the specialist will work on: Project PMO support / Analyst (x1 resource)
A project PMO/analyst with experience in cyber security, with extreme attention to detail, able to understand and map cyber security control requirements (i.e. NIS regulations, industry best practice) against OES’s RIIO-2 submissions.
Ability to review OES’s submission costs, security improvement plans & project timelines.
This role will require knowledge of performing security reviews, facilitating workshops, and producing high quality decision reports covering the assigned OES scope and aligned with compliance & regulatory requirements.
Working arrangements: The contract will be for a total of 50 input days starting in November 2019. The selected company/candidate must be available to commence this assignment in mid November 2019 and be available until late January 2020.
Security clearance: Staff visiting Ofgem’s & OEM’s premises shall hold at least a minimum of BPSS (Baseline Personnel Security Standard) level security clearance. The Contractor is responsible for obtaining clearance for all Staff and shall bear all costs associated with the clearance process.
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
Skills and experience
Essential skills and experience
Three years’ proven track record of delivery of complex information security control reviews ideally in the industrial cyber security space
have 3 years’ proven track record of cyber security assessments, report writing, programme management, project & budget reviews
Clear evidence of a track record of successful project engagements covering a minimum of 6 of the topics listed below:
a) Industrial cyber security strategy & architecture
b) Project Planning
c) Security assessments
d) Budgeting & timelines management
e) Asset management
f) Programme management responsibilities including tracking timelines, milestones & budgets
g) Industrial control systems controls & regulations (NIS, NERC-CIP, ISA/IEC 6443, NIST 800-53/8, etc.)
h) Data protection
i) Application security
j) Industrial Health & Safety requirements
k) Identity & Access management
l) Change management
m) Malware & antivirus management
n) Information Security processes & policies
o) Incident response
p) Vulnerability management
q) System security
r) Security awareness and training
s) Security monitoring
t) Third party vendors & access management
u) Portable media
v) Resilience and business continuity
Nice-to-have skills and experience
demonstrate their knowledge of the energy sector through direct experience with energy stakeholders
demonstrate a knowledge of agile working practices
How suppliers will be evaluated
How many specialists to evaluate: 6
Cultural fit criteria
Be able to engender confidence with OES and Ofgem
Work well under pressure
Take responsibility for delivering successfully
Work well in a transforming environment
Work well in a team and autonomously
Additional assessment methods
Reference
Interview
Presentation
Evaluation weighting
Technical competence: 50%
Cultural fit: 20%
Price: 30%
TKR-20191028-EX-1195376