Posted Date : November 30, 2022
Product (RFP/RFQ/RFI/Solicitation/Tender/Bid Etc.) ID : CSE-14105
Government Authority located in Lenexa, Kansas; USA-based organization looking for an expert vendor for virtual information security officer (vISO) services.
[A] Budget: Looking for Proposal
[B] Scope of Service:
(1) Vendor needs to provide virtual information security officer (vISO) and managed security services, including email, phone, and on-site support to the government authority located in Lenexa, KS.
- The vISO will proactively collaborate with business units to develop and implement an information security management program, including policies and procedures, which meet the defined standards for information security and cyber security strategy.
• Cyber Security Strategy:
- Develop a cyber security strategy for the agency, incorporating relevant elements of the NIST CSF, NIST SP 800-53, and critical infrastructure as they apply to the environment.
• Policies:
- Update and develop agency security policies to align with the security strategy.
• Policy Implementation:
- Coordinate and collaborate with information technology and business units to implement the policy requirements.
• Audit Remediation:
- Assist business units in developing solutions to remediate internal and external audit findings.
• Executive Support:
- Provide subject matter expertise to executive management on information security standards, best practices, and compliance requirements.
• Investigations:
- Perform cyber security investigations and coordinate with external resources as needed.
• Incident Response:
- Assist and oversee incident response efforts. Provide recommendations and guidance for, and evaluation of, an incident response plan specific to the agency’s environment. Conduct tabletop exercises to practice incident response.
• Management Reporting:
- Establish security metrics and develop the processes necessary to regularly report security metrics to senior management.
• Project Support:
- Provide subject matter expertise to project teams by offering strategic and tactical security guidance across agency projects, new technology solutions, and other areas as needed, to ensure that the development of new products and services takes security design into account from the beginning.
• Security Awareness Program:
- Develop and implement a security awareness program to increase security awareness across the organization.
• Security Monitoring:
- Coordinate and collaborate with information technology to implement, optimize, and monitor security monitoring solutions.
• Support Coordination:
- Assist with identification, review, and delivery of services from external security service providers.
• Procurement:
- Assist with development of procurement guidelines related to information security.
• Vendor Risk Management:
- Assist the organization in performing vendor assessments, audits, and contract reviews.
• Vulnerability Management:
- Establish a vulnerability management program.
• Emergency Operations:
- Participate in agency emergency operations training regarding information security and simulated cyber incidents. Assist the agency with developing and updating emergency operations policies and procedures related to information security and response to cyber incidents.
(2) All questions must be submitted no later than December 2, 2022.
(3) Contract term will be three years.
[C] Eligibility:
- Onshore (USA Organization Only);
[D] Work Performance:
NA
Deadline to Submit Proposals: December 30, 2022
Cost to Download This RFP/RFQ/RFI/Solicitation/Tender/Bid Document : 5 US$