UNDP Jobs - 88707- International Consultant (Data Security Expert)-UN

International Consultant (Data Security Expert)-UNDP- LOTFA TFMU, Governance for Peace Unit

Location :

KABUL, AFGHANISTAN

Type of Contract :

Individual Contract

Starting Date :

15-Dec-2019

Application Deadline :

03-Dec-19 (Midnight New York, USA)

Post Level :

International Consultant

Duration of Initial Contract :

22 working days

Languages Required :

English

Expected Duration of Assignment :

22 working days

UNDP is committed to achieving workforce diversity in terms of gender, nationality and culture. Individuals from minority groups, indigenous groups and persons with disabilities are equally encouraged to apply. All applications will be treated with the strictest confidence. UNDP does not tolerate sexual exploitation and abuse, any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.

Background

UNDP is committed to augmenting the capacity of the GIROA to administer Rule of Law and improve security and justice service-delivery for all Afghan citizens. As the lead Rule of Law institution in the country, improving the ability of the Ministry of Interior Affairs (MOIA) to fulfill its mandate remains critical to the overall stability of Afghanistan and its people. As the UN’s primary development agency, and a longstanding development partner to GIROA’s Rule of Law and Security sector, UNDP Afghanistan plays a leading role in facilitating institutional reform and development of MOIA;

UNDP has operated the LOTFA since 2002. LOTFA was created to support the establishment, payment, equipment and training of the police force in Afghanistan. The central goal is to support the GIROA in achieving a paid, professional Afghan National Police (ANP) and staff of the General Directorate for Prison and Detention Centres (GDPDC) that deliver essential services to the Afghan people for improved public trust, safety and security and to support improved rule of law enforcement;

Based on consultations conducted between UNDP, the GIROA and donors during 2017, a growing view emerged that the scope of LOTFA should be expanded to include the entire justice chain (police, courts and prisons) and cover all institutions across the entire Rule of Law sector, with an increased focus on anti-corruption. Simultaneously, the LOTFA structure has been revised to bring it more in line with international standards and best practices on Trust Fund management and administration;

Following the approval of the new LOTFA Multi Partner Trust Fund Terms of Reference (TOR) and Strategic Framework by the LOTFA Steering Committee in November 2018, a robust M&E system for LOTFA was established. This system measures progress and impact over-time of Trust Fund interventions and so informs LOTFA stakeholders based on empirical quantitative and qualitative data on the direction of the Trust Fund planning and programming.

Duties and Responsibilities

SCOPE OF WORK AND DELIVERABLES

Objective of the assignment:

UNDP Afghanistan has recently started developing a LOTFA analytical dashboards for real-time data collection and analysis, visualization and reporting. Analytical dashboards cover activities across all LOTFA thematic windows, serves as a data collection and storage platform, various levels of reporting for LOTFA stakeholders and support communication outreach activities for all LOTFA;

Currently the dashboards are accessible only by UNDP Afghanistan staff and is protected by login/password combination, data is stored on servers located in Nairobi and managed by ONA, a third-party private company. In the future, the access to the analytical dashboards will be provided to the relevant Afghan ministries, the donor/international community, and other key stakeholders;

As a primary objective of this assignment, the consultant is expected to review existing data and security policies, data sharing and classification requirements and prepare recommendations on improvement of overall security policies for LOTFA analytical dashboards;

Under direct guidance of the LOTFA M&E Team Leader, the International Consultant will be responsible for the following tasks.

Tasks:

Engage with key stakeholders to assess and review the following:

Data sharing requirements;
Data classification requirements.

Review all existing data policy documents (UNDP/MPTF data protection policy and UNDP digital strategy, data classification/security policy within the ministries and key donors), identify gaps and provide recommendations on data sharing policies in line with best practices and data protection/sharing laws and guidelines where applicable. This should include at least the following:

End-user acceptable use policies;
Third-party data-sharing policies;
Data classification policies.

Review the architecture and operation of the data analytics platform and identify any immediate data protection concerns and vulnerabilities. Make recommendations on future data and information security requirements and assessment criteria. This should include:

Secure storage and transmission of data;
End-user and administrative data access controls;
Auditing of data access, especially relating to any sensitive data;
Risk assessments and recommendation of mitigation measures.

The assignment shall be no more than 22 working days with the following proposed breakdown:

5 days for initial preparation and documentation review;
7 days Kabul for meetings with key stakeholders and ICT departments in UNDP, relevant ministries, donors, etc;
3 days discussion with Ona (home-based) on data security and data protection requirements and measures;
7 days – Report writing with recommendations on how LOTFA data sharing/protection architecture should be designed as well as improvement and further development of current draft LOTFA Data Protection and Sharing Policy which was developed in conjunction with ONA.

EXPECTED DELIVERABLES

Deliverable 1 – Inception report - 5 working days; 20%

Inception report outlining results of the literature review, preparation and approved work plan.

Deliverable 2 – Final report - 17 working days; 80%

Final report summarising findings of threat and risk assessment of potential abuse of sensitive data by end-users, data providers, system integrators/developers and other third parties; recommendations on how LOTFA data sharing/protection architecture should be designed as well as improved, comprehensive LOTFA Data Protection and Sharing Policy in line with UNDP’s corporate policy and guidelines.

Payment Modality. Payments under the contract will be linked to the deliverable and made on receipt of the specific milestones indicated above according to the UNDP procurement formats for individual contractors.

WORKING ARRANGEMENTS

Institutional Arrangements:

Under the overall guidance of the Head of Governance for Peace unit, the international consultant will work under the overall supervision of the LOTFA M&E Team Leader and LOTFA senior M&E Advisor. The Consultant shall also work in close collaboration with the other members of the LOTFA M&E Team.

Duration of the Work:

The performance under the contract shall take place over total contract duration of 22 working days within a 1-month duration.

Duty Station:

Homebased, with one in-country visit to Kabul, Afghanistan. When in Kabul, the contractor will report regularly to the Governance for Peace Unit (UNOCA) during the working hours, security conditions permitting. The contractor will follow the working hours and weekends as applicable to UNDP CO staff. Contractor’s movement for meetings and consultations shall be coordinated by the Governance for Peace Unit. The contractor is at all times required to observe UNDP security rules and regulations.

PRICE PROPOSAL AND SCHEDULE OF PAYMENTS;

The Contractor shall submit a price proposal as below

Daily Fee –. The Consultant shall propose a daily fee which should be inclusive of his/her professional fee, local communication cost, insurance (inclusive of medical health and medical evacuation etc.), equipment, and other costs required for performance of the contract but excluding travel, visa and DSA. The number of working days for which the daily fee shall be payable under the contract is 22 working days over a contract duration of 1 month.
DSA – The Consultant shall be separately paid the DSA as per applicable UNDP rate for stay in Kabul and travel to other locations as per actual number of nights spent in Kabul or other locations. Deductions from DSA shall be made as per applicable UNDP policy when accommodation and other facilities are provided by UNDP. An estimated provision in this regard shall be included in the contract. The consultant needs not quote for DSA in Financial Proposal.
Accommodation in Kabul - The Consultants are NOT allowed to stay in a place of their choice other than the UNDSS approved places in Kabul, Afghanistan. UNDP will provide accommodation to the Consultant for the duration of the stay in duty station (Kabul) in UNDSS approved places. Deductions in this regard shall be made from DSA payment as per applicable UNDP Policy.
Travel – The Consultant shall include lumpsum cost of travel including one trip for Home-Kabul-Home and one trip Home-Nairobi-Home in the Financial Proposal. Any other travel for work, originating from Kabul shall be payable by UNDP separately as per applicable Policy.
Visa – UNDP shall facilitate visa requirements and reimburse the visa cost, if any;
Payment schedule - Payments towards fee shall be deliverable-based and shall be made upon submission and acceptance of the deliverables and certified timesheet. Payment towards travel shall be made on an instance of actual travel and shall be cost-reimbursable limited to the amount quoted in Financial Proposal. Payments towards DSA, Visa, etc. shall be cost-reimbursable, as specified above.

Competencies

Core competencies:

Promotes ethics and integrity and creates organizational precedents;
Builds support and political acumen;
Builds staff competence and creates an environment of creativity and innovation;
Builds and promotes effective teams;
Creates and promotes environment for open communications;
Leverages conflict in the interest of UNDP and sets standards;
Shares knowledge across the organization and builds a culture of knowledge sharing and learning.

Required Skills and Experience

Required expertise and experience:

Master’s Degree in Computer and Information Security, or related fields;
Extensive experience (at least 10 years) with specific focus on information security;
Experience working with governments, multi-national clients and donor organizations;
Experience in designing and implementation of secure network perimeter defences, endpoint protection solutions and incident response services;
Experience with conducting analysis and assessments of security architectures;
Experience in developing security policies, procedures and standards.

Language:

Excellent command of written and oral English.

EVALUATION METHOD AND CRITERIA;

Individual consultant will be evaluated based on the following methodology:

Cumulative analysis

The award of the contract shall be made to the individual consultant whose offer has been evaluated and determined as:

Responsive/compliant/acceptable; and;
Having received the highest score out of a pre-determined set of weighted technical and financial criteria specific to the solicitation.

Technical Criteria weight 70%;

Financial Criteria weight 30%.

Only candidates obtaining a minimum of 49 points (70% of the total technical points) would be considered for the Financial Evaluation.

Technical Criteria 70 points

Qualification and Experience (30 marks) [evaluation of CVs for shortlisting]

Educational Qualification (5 marks);
Experience relevant to the assignment (15 marks);
International experience in developing data protection policies and procedures (10 marks).

Technical proposal (40 marks)

This explains the understanding of the objectives of the assignment and approach to the services, methodology for carrying out the activities and obtaining the expected output.

Documents to be included when submitting the proposals:

Interested individual consultants must submit the following documents/information to demonstrate their qualifications in one single PDF document:

Financial proposal: that indicates the all-inclusive fixed total contract price, supported by a breakdown of costs, as per template provided Financial Proposal Template using the template provided by UNDP (Annex II) to be completed by consultant at application stage.
Personal CV, indicating all past experience from similar projects, as well as the contact details (email and telephone number) of the Candidate and at least three (3) professional references.
Technical Proposal and Methodology This explains the understanding of the objectives of the assignment and approach to the services, methodology for carrying out the activities and obtaining the expected output.

Annexes (click on the hyperlink to access the documents):

Annex 1 - IC Contract Template (for information);
Annex 2 - Financial Proposal Template using the template provided by UNDP (to be completed by consultant at application stage);
Annex 3 – IC General Terms and Conditions (for information);
Annex 4 – RLA Template (if consultant wishes to be recruited through an employer) - (for information).

Note: Incomplete applications will result in automatic disqualification of candidate.