2026-0094 Cyber Governance Support - Lessons Learned Scorecard (NS) - MON 6 Jul

About the role

Deadline Date: Monday 06 July 2026 Requirement: Cyber Governance Support - Lessons Learned and Scorecard Oversight Location: Offsite in a NATO Country Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states "Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at-home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs. Period of Performance: 2026 BASE: 03 August 2026 (tentative) to 31 December 2026 Required Security Clearance: NATO SECRET Special Terms and Conditions: Non-disclosure agreement must be signed 1. OBJECTIVE The objective of this engagement is to provide governance and coordination support for enterprise cybersecurity governance activities, specifically supporting the Cyber Lessons Learned (LL) and NATO Enterprise Cybersecurity Scorecard (Scorecard) processes. The contractor will assist CDT in coordinating stakeholders, supporting reporting activities and ensuring that cybersecurity governance processes are executed in a structured, consistent and traceable manner. The engagement focuses on supporting two main work packages: Cyber Lessons Learned coordination and process support Cybersecurity Scorecard oversight The contractor will provide coordination and documentation support but will not perform operational cybersecurity activities or entity-level assessments. 2. SCOPE OF WORK The contractor shall provide governance support services across two distinct Work Packages (WP). 2.1 Work Package I - Cyber Lessons Learned Support The contractor shall support the implementation and operationalization of the Cyber Lessons Learned process among relevant cybersecurity stakeholders, ensuring that lessons related to cybersecurity activities are systematically identified, captured, structured, coordinated and tracked. In support of this objective, the contractor shall assist CDT in coordinating stakeholders involved in the relevant enterprise cybersecurity processes and facilitating the capture and documentation of lessons learned. Activities within the scope include: Supporting the implementation and operationalization of the Cyber Lessons Learned process across relevant cybersecurity stakeholders Engaging stakeholders involved in the relevant cybersecurity processes Coordinating the capture and structuring of lessons learned information Supporting documentation of changes made to procedures or documentation resulting from lessons learned Supporting the organization and documentation of Lessons Learned coordination meetings and workshops Supporting the maintenance of templates, repositories or portals used to capture lessons learned information The contractor will act as a coordinator supporting stakeholders involved in the Lessons Learned process. 2.2 Work Package II - Cybersecurity Scorecard Oversight Support The contractor shall provide coordination and oversight support related to the execution of the annual NATO Cybersecurity Scorecard Assessment (Scorecard) cycle, ensuring visibility of progress and alignment with Lessons Learned processes. Activities within the scope include: Supporting coordination of the Assessment Team (including contractors) performing Scorecard activities Reviewing contractor outputs and providing quality assurance observations to CDT Maintaining oversight documentation such as tracking dashboards, issue logs and status summaries Scorecard outputs may also be used as inputs to support the Cyber Lessons Learned process. 3. DELIVERABLES Deliverables are structured under two WPs corresponding to the two workstreams of the assignments. All deliverables will be assessed according to the criteria described in General Acceptance Criteria. Where relevant, additional deliverable-specific criteria are defined below. 3.1 Work Package I - Cyber Lessons Learned Coordination Support The contractor shall provide the following deliverables supporting the Cyber Lessons Learned process. 3.1.1 Deliverable WP1-D1 Deliverable Name: Lessons Learned Coordination Plan Description: Documentation describing the approach for coordinating the Cyber Lessons Learned process among relevant cybersecurity stakeholders. Contents: Stakeholder engagement approach; Description of the Lessons Learned workflow; Coordination structure supporting the process Format: Process documentation report Acceptance Criteria: Stakeholder engagement approach documented and aligned with identified cybersecurity stakeholders; Lessons Learned workflow clearly defined from capture through closure; Roles, responsibilities and coordination structure documented; Process supports traceability of lessons through implementation; Document delivered by agreed milestone; Accepted by CDT Technical Lead without material rework KPIs: KPI 1.1 - Timely Delivery: Coordination Plan delivered by agreed due date: 100%. KPI 1.2 - Completeness: Mandatory sections comple

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at EMW, Inc.? Share your experience