Role Description The objective of this engagement is to provide governance and coordination support for enterprise cybersecurity governance activities, specifically supporting the Cyber Lessons Learned (LL) and NATO Enterprise Cybersecurity Scorecard (Scorecard) processes. The contractor will assist CDT in coordinating stakeholders, supporting reporting activities, and ensuring that cybersecurity governance processes are executed in a structured, consistent, and traceable manner. The engagement focuses on supporting two main work packages: - Cyber Lessons Learned coordination and process support - Cybersecurity Scorecard oversight The contractor will provide coordination and documentation support but will not perform operational cybersecurity activities or entity-level assessments. Qualifications - Expertise in Cyber Security: Extensive experience in cyber security with a focus on analytical assessment, scorecard development, and performance metrics. - Methodology Development Skills: Proficiency in developing, refining, and updating methodologies for assessing cybersecurity maturity and performance. - Experience with Lessons Learned or Knowledge Management Processes: Experience supporting Lessons Learned, knowledge management, or continuous improvement processes, including capturing lessons, structuring information, and tracking improvement actions. - Communication Skills: Strong written and verbal communication skills for engaging with various stakeholders and facilitating Enterprise-wide assessments. - Autonomous Working Capability: Capable of performing effectively and efficiently with minimal supervision. Requirements - Required Security Clearance: NATO SECRET - Special Terms and Conditions: Non-disclosure agreement must be signed Deliverables Deliverables are structured under two WPs corresponding to the two workstreams of the assignments. All deliverables will be assessed according to the criteria described in General Acceptance Criteria. Work Package I – Cyber Lessons Learned Coordination Support - Deliverable WP1-D1: Lessons Learned Coordination Plan - Deliverable WP1-D2: Lessons Learned Capture Template - Deliverable WP1-D3: Lessons Learned Register - Deliverable WP1-D4: Lessons Learned Workshop Summary Reports - Deliverable WP1-D5: Lessons Learned Consolidation Report Work Package II – Scorecard Oversight Deliverables - Deliverable WP2-D1: Scorecard Oversight Tracking Dashboard - Deliverable WP2-D2: Contractor Deliverable Review Report Payment Schedule - WP1-D1: 7% of total contract value. Due: 2026 Q3. - WP1-D2: 5% of total contract value. Due: 2026 Q3. - WP1-D3: 30% of total contract value. Due: 2026 Q3. - WP1-D4: 20% of total contract value (5% each). Due: 2026 Q3–Q4. - WP1-D5: 23% of total contract value. Due: 2026 Q4. - WP2-D1: 5% of total contract value. Due: 2026 Q3–Q4. - WP2-D2: 10% of total contract value (2.5% each). Due: 2026 Q4. Work Execution The work will be executed remotely; no travel is considered. The Contractor's personnel are expected to follow the Purchaser's working hours and observe the Purchaser's official holidays. Reporting At the end of each milestone, the Contractor shall report the completion and achievements to the Purchaser POC via email for each resource providing services under this SoW. Period of Performance The service is expected to start on 03 August 2026 (tentative) and end no later than 31 December 2026. Security and Non-Disclosure Agreement The resource providing services under this SoW must be in possession of a security clearance of NATO SECRET or above. The signature of a Non-Disclosure Agreement between the contractors contributing to this task and NCIA will be required prior to execution.