Terms of Reference (TOR)

For Information security consulting services

Background information

The Young Women’s Christian Association of Zambia is a Non-Governmental, non-profitable Organization dedicated to the promotion of Human Rights for the empowerment of the community especially women and children for a better society.

YWCA’s mission is to empower and protect women, youth and children through right based approaches and transformative leadership to attain a just society”.

YWCA envisions a safe and gender sensitive Zambia with equitable opportunities for Women, Youth and Children

Due to the robust nature of the YWCAs work, data management is one of the key areas of output.  Be it clients that wall through our drop-in centres for free community services and our robust SRH programming which seeks to provide information and services on Sexual Reproductive Health products and services we come into contact with a wide range of community members ranging from women, men, youths and children.  Being a membership-based institution, we manage our members data. It is for this reason as an association data management and cyber security is key as we solidify our goal to safe guard the welfare of our beneficiaries and membership.

Objective of the Assignment

To tackle the ever-changing information management landscape. Security Awareness for the organizations  understanding of cyberattack risks . This will also strengthen the organizations safeguarding measure with regard to data management and beneficiaries  we work with.

Scope of Work

Description

The Information Security consultant will be responsible for  a three days training that will :

• Support YWCA to enhance organizational resilience against cyber threats in staff.
• Create a shift in employee mindset and behavior change towards information security.
• Generate buy-in and commitment towards cyber security initiatives
• Improve audit results and demonstrate regulatory compliance.
• Reduce human error and mitigate security risks for data management.

RESPONSIBILITIES

Information Security Consultant would be responsible for providing training that will address the following skills in staff:

• Capacitate staff to monitor a variety of services and tools (including firewalls, internal account activity tools and threat information services) in order to predict, detect and diagnose threats and direct or participate in the mitigation of these threats to the organization.
• Capacitate staff to detect cyber threats and respond to cyber threats and finally to remediate information security threats and vulnerabilities.
• Review the current procedures in information security, Technical Incident Response Planning and Business Continuity Planning and advice whether they require revision.
• Support staff to understand front-line defense of networks, protect information from unauthorized access and violations.
• Enhance the capacity of staff to analyze and assess potential security risks, develop plans to deal with such incidents by putting measures in place such as firewall, IPS encryption, monitoring and auditing systems for abnormal activity, and executing corrective actions.

Prepare technical reports.

• Creating an understanding in YWCA staff to respond to threats to the security of all information, networks, and computer systems, whether on premises or cloud.

Competencies

• Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
• Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
• Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.
• Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.  A minimum of a degree in computer studies and certification in cyber security.

Work Experience

• Minimum five years of experience working daily with network or host-based threat detection technologies.
• Must be pro-active and a self-starter as this position requires a lot of independent work.
• Knowledge of networking technologies and protocols, including Ethernet, VLANs, TCP/IP and routing.
• Experience with security technologies including: Vulnerability Scanning, Firewalls & Log Analysis, Host-based detection tools, Security Event and Incident Management (SEIM), Antivirus, Network Packet Analyzers, malware analysis and forensics tools.
• Experience in analyzing audit logs, router logs, firewall logs, IDS logs and TCP/IP headers.

Reporting requirements/deliverables

The Information Security Consultant will need the following reporting requirements/deliverables, but not limited to:

1. Inception report. The inception report should mainly include: how the firm understands/interprets the ToRs; any additions/clarifications to the ToRs; a refined methodology to be adopted; action plan; expectations from AGF; and the preferred payment schedule.

2. Work plan of the cyber security training

3. Progress reports.

4. Vulnerability assessment technical review report.

6. Business Continuity review report.

7. Cybersecurity policy and procedure analysis report

8. Any other report, as required.

Confidentiality

By accepting to take part in the invitation, you agree to keep in confidence all information provided to you, whether written or oral, in relation to the invitation and/or in relation to the organization’s business generally which is not already in the public domain, to use it only for the purposes of this bid and for no other reason and not to disclose any of the said information to any third party.

Application

Please submit (through the email below) your Technical Proposals (including CVs of proposed staff), Financial Proposal (including proposed payment schedules) to the following address, on or before September 27, 2024 Email subject: “IT Security consultant application” to procurement@ywcazambia.org CC grace.muleya@ywcazambia.org.

Safeguarding statement

YWCA is an organization that is committed to the safeguarding of all, and has zero tolerance for incidents of violence or abuse including sexual exploitation or abuse, committed by either employees or others affiliated with their work.  Therefore, YWCA does not hire service providers whose background is not suitable for working with children or vulnerable adults, even if their role does not interact directly with them.