Security Specialist (Cyber Security, Identity & Access Management, BCM

Our client is overhauling its IT systems and the way that is processes and resources are managed. As these systems evolve, the threats to the security of their information, and associated risks, will also evolve. It is essential that our client understands these threats and risks and where necessary, plans measures to mitigate them.

Specifically, our client needs to know how their Cyber Security, Identity & Access Management (IdAM) and Business Continuity Management (BCM) environments (referred to as the, security environments, for the remainder of this document) will be affected by the changed IT landscape and how they will need to develop to ensure that the security of our client assets.

Over the years elements of these 3 security environments have often been implemented in direct response to a particular need. This has resulted in a somewhat fragmented system. In addition, as our Client moves towards a more outsourced and offshored model of service delivery to the business, the current systems are unlikely to be fully fit for purpose. A further consequence of the changed service delivery model will be new threats and vulnerabilities.

Accordingly, our Client will need a blended and integrated approach to security provision which will consist of integrated sets of tools, processes and procedures that will effectively manage and control the associated risks arising from the threats and vulnerabilities.

Lastly, this engagement will not be a purely academic exercise. Once any analysis is complete and reported, then these findings will be used to identify actual practical security requirements. Then an implementation plan will be developed so that by no later than Q4 2015, these controls will be in operational use having been implemented, tested and proven as effective.

Our client's Cyber security environment is currently being evaluated and a list of critical vulnerabilities and technical recommendations shall be available by November 2014.

The contractor shall collect and consolidate all the necessary information about the current and future planned IT landscape and the 3 security environments. The contractor shall use this to identify future functional security requirements for each of the 3 environments. These functional requirements shall be developed to identify specific security requirements that shall be used to manage and control security risks in a risk management plan. The contractor shall provide a solution design and implementation plan that, once complete, shall deliver environments that shall assure the confidentiality, integrity and availability of our client's information.

The Contractor shall evaluate IdAM requirements, identify and evaluate BCM requirements and include cyber security in a single solution design and implementation plan per environment. Based on the solution design the contractor shall recommend a suite of products that meets international and industry standards, best practice that can be implemented. Optionally, for these products a technical requirement document shall be delivered that can be used for the tender of the recommended products.