Technical Advisor/Montenegro - Critical Infrastructure Digitalization and Resilience (CIDR) Program

CONSULTANCY TITLE: CIDR/Montenegro Technical Advisor

REPORTS TO: Senior Regional Cybersecurity Advisor

LOCATION: Montenegro

LEVEL OF EFFORT: Up to 30 days

PERIOD OF PERFORMANCE: February– July 2024

ORGANIZATION & VALUES

DAI is a global development company with corporate offices in the United States, the United Kingdom, EU, Nigeria, Pakistan, and Palestine and project operations worldwide. We tackle fundamental social and economic development problems caused by inefficient markets, ineffective governance, and instability. DAI works on the frontlines of global development. Transforming ideas into action—action into impact. We are committed to shaping a more livable world.

PROJECT BACKGROUND

The Critical Infrastructure Digitalization and Resilience (CIDR) program is a five-year regional program managed by DAI for the U.S. Agency for International Development (USAID)’s Bureau for Europe and Eurasia. CIDR assists partner governments and in-country organizations to work with key stakeholders and experts to assess cybersecurity gaps and priorities, make recommendations, and map courses of action to improve the cybersecurity of critical infrastructure and key institutions.

CIDR operates in the Western Balkans, Black Sea Region, and South Caucasus, where countries in recent years have come under more diverse and complex cyberattacks. CIDR is currently providing assistance in Albania, Georgia, Kosovo, Moldova, North Macedonia, and Serbia. This includes assistance in workforce development, cybersecurity assessment, cybersecurity governance, and information sharing of cyberattacks, threats, and solutions.

POSITION OVERVIEW

The CIDR program seeks to engage an independent consultant for two primary objectives. The first is to assess the Montenegrin cybersecurity needs of a public organization, focusing on enhancing the resilience and protection of its public-facing websites and online services against cyber-attacks. The second is to develop a comprehensive proposal for establishing an online cybersecurity training platform. This platform will include interactive courses on cyber hygiene, aimed at increasing employee awareness and understanding of cybersecurity.

The consultant's responsibilities include drafting detailed specifications for these planned interventions. With regards to enhancing web security, responsibilities are to develop detailed proposals for implementing Web Application Firewall (WAF) functionalities and for services and tools for conducting continuous and/or periodical security assessments through a web application scanning service and tools. Related to these services, the consultant will also be tasked to define detailed requirements for specialized training for employees at the organization, that will be provided by an external training center.

The consultant is responsible for detailing the technical and functional specifications for the online training platform, including course descriptions, cybersecurity topics, and interactive delivery methods for the courses to be developed and integrated into the platform, as part of achieving the second objective.

TASKS

• Conduct Pre-intervention Assessments: Evaluate interventions and activities within the Scope of Work at the recipient public institution before implementation.
• Develop Intervention Specifications: Collaborate with the CIDR Technical Team to create detailed specifications for interventions, ensuring alignment with project goals.
• Implementation Support and Monitoring: Provide support and closely monitor the implementation by vendors; Prepare comprehensive reporting documentation to track progress and outcomes.
• Additional Program Activities: Assist in implementing additional program activities as agreed upon, ensuring seamless integration with the overall project framework.
• Contribute to Stakeholder Meetings: Play a key role in preparing for and facilitating meetings with critical infrastructure stakeholders. Actively contribute to discussions with government, private sector, academia, civil society, international donors, and other actors across cybersecurity organizations.
• Prepare Technical Materials: Collaborate with partners or other staff to prepare technical materials required for project activities.
• Representation and Engagement: Represent CIDR in meetings with stakeholders, showcasing expertise and contributing to strategic discussions. Engage with various stakeholders, including government, private sector, academia, civil society, international donors, and other cybersecurity organizations.
• Additional responsibilities may be assigned as project needs evolve.

DELIVERABLES

Tasks

1. Inception report and activities plan

Delivery Date: 1 week after the contract start date

2. WAF needs Assessment

Delivery Date: 1 month after the contract start date

3. Web Application Scanning (WAS) Assessment

Delivery Date: 1 month after the contract start date

4. After Technical Team approval, presentation to government stakeholder to explain findings and plan forward

Delivery Date: 6 weeks after the contract start date

5. Determination of specs for WAF and WAS

Delivery Date: 6 weeks after the contract start date

6. Determination of specs for online platform and online interactive training courses

Delivery Date: 6 weeks after the contract start date

7. Stakeholder list and contact information for all contacts

Delivery Date: Monthly update

8. Meeting notes

Delivery Date: Weekly compilation

QUALIFICATIONS

• Bachelor’s degree with at least seven years of relevant technical, or professional experience
• Podgorica-based position, ability to travel outside of Podgorica may be needed;
• Experience working with or supporting Montenegrin government stakeholders;
• Previous experience with donor-funded cybersecurity and/or critical infrastructure strengthening programming is preferred.
• Previous experience in designing and/or managing activities aimed at raising cybersecurity awareness and building capacity is preferred.
• Excellent spoken and written English and Montenegrin.
• Experience and ability to establish and maintain relationships with diverse stakeholders.
• Experience serving as client-facing liaison for technical projects preferred.
• Possession of the professional internationally recognized certification in the field of cybersecurity, networking, or security testing is preferred.
• Ability to work in a cross-functional team.

EQUAL EMPLOYMENT OPPORTUNITY
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.

DAI and its employees are committed to confronting discrimination in all forms, nurturing respect for our interpersonal relationships, and holding ourselves accountable for positive change within the company and in the communities, cultures, and countries in which we live and work. DAI is committed to attracting and retaining the best employees from all races, ethnicities, and backgrounds in our continued effort to become a better development partner.

DAI upholds the highest ethical standards. We are committed to the prevention of sexual exploitation, abuse, and harassment as well as other ethical breaches. All our positions are therefore subject to stringent vetting and reference checks.