2026-0089 Cybersecurity Scorecard Assmt. and Coordination (NS) BELGIUM - 18 Jun

Deadline Date: Thursday 18 June 2026
 
Requirement: Cybersecurity Scorecard Assessment and Coordination Support
 
Location: Offsite: NATO Country (70%), On-site: NHQ Brussels (25%), Site-visits: Various NATO Countries (5%)
 
Cost Not to Exceed: EUR 194,400 (maximum, if all optional units exercised)
 
Period of Performance: 2026 BASE: 13 July (tentative) to 31 December 2026
 
Required Security Clearance: NATO SECRET
 
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:

1. Current National or NATO SECRET clearance
2. Nationality of one of the NATO member countries
3. Current work visa for the specific location if applying for an in-country position

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
 
Special Terms and Conditions: Non-disclosure agreement must be signed
 
Objective:

• The objective of this engagement is to provide assessment and coordination support for enterprise
  cybersecurity governance activities, specifically supporting the NATO Enterprise Cybersecurity
  Scorecard (The Scorecard) process.
• The contractor will assist CDT in performing assessments, coordinating stakeholders, supporting
  analytical and reporting activities and ensuring that Scorecard process is executed in a structured,
  consistent and traceable manner.

Scope of Work:
 
The contractor shall support the execution of the annual NATO Cybersecurity Scorecard Assessment
(the Scorecard) cycle by assisting CDT with planning, coordination, oversight, data consolidation and
reporting activities.

In addition to coordination and governance support activities, the contractor shall also perform the
cybersecurity assessments required for the Scorecard cycle, including conducting interviews or
workshops with relevant stakeholders, collecting assessment inputs and documenting assessment
results.

Activities within the scope include:

• Supporting preparation of the annual Scorecard execution approach and planning
  documentation
• Preparing assessment materials, including questionnaires, interview guidance and data
  collection templates
• Coordinating and conducting cybersecurity assessments of the identified entities through
  remote sessions and on-site engagements
• Engaging with relevant stakeholders to collect assessment inputs and supporting information
• Documenting assessment results and maintaining structured records of assessment outputs
• Maintaining tracking documentation for the Scorecard, including assessment progress and
  identified issues.
• Maintaining oversight documentation such as tracking dashboards, issue logs and status
  summaries
• Consolidating assessment inputs and maintaining structured datasets supporting Scorecard
  scoring and analysis
• Supporting preparation of Scorecard reports and presentation materials
• Proposing improvements to Scorecard methodology, KPIs, survey questions or scoring logic for
  CDT's consideration.

The above activities will directly contribute to the production of the deliverables listed in the
Deliverables section of this Statement of Work.
 
Work Execution:

• The services will primarily be executed remotely.
• The contractor is expected to maintain a regular on-site presence at NATO Headquarters (Brussels),
  estimated at approximately one week per month, to support coordination with the Scorecard team
  and related activities.
• In addition, the contractor shall perform on-site engagements as required, including visits to
  participating NATO Entities to support maturity assessments, surveys and related activities.
• Occasional travel to the Hague may be required for project coordination purposes, as directed by NCIA
  PM in consultation CDT.
• The Contractor's personnel is expected to follow the Purchaser's working hours—Monday to Thursday
  from 08h30 until 17h30 and Friday from 08h30 until 15h30 and observe Purchaser's official holidays.
  The Purchaser's official holidays may differ from the public holidays in the Host Nation.
• This Task Order requires scheduled travel as detailed above, consisting of up to 4 visits to NCIA The
  Hague (1 per quarter) for a maximum of 1 working day each visit. The travel, lodging and associated
  expenses for travel are included in the price of the bid (NTE), such that the purchaser shall not be
  invoiced.
• Extraordinary Travel (Purchaser Directed Travel) may be required to other NATO or non-NATO
  locations as necessary. In the event of such unforeseen travels being called, the cost of all travel and
  subsistence will be addressed through a contract amendment.
• Extraordinary Travel expenses will be reimbursed in accordance with Article 5.5 of AAS+ Framework
  Contract. Such costs will be set as a separate PO line with a not to exceed value to cover and reimburse
  of actual expenses upon submissions of all receipts and invoices in line with NCIA processes.

Qualifications:

• Expertise in Cyber Security: Minimum 5 years of professional experience in cyber security with a focus on analytical assessment, scorecard development and performance metrics, including a strong understanding of Cyber Incident Management, Defensive Cyberspace Operations, Enterprise Risk Management and Cyber Threat Intelligence Analysis and Sharing.
• Experience in Metrics and Measures Development: Minimum 3 years of experience in developing meaningful and actionable cybersecurity metrics and measures.
• Methodology Development Skills: Minimum 3 years of experience in developing, refining and updating methodologies for assessing cybersecurity maturity and performance.
• Data Analysis and Visualization Proficiency: Strong skills in data analysis and the ability to create insightful visualizations for complex data sets. Familiarity with modern data visualization tools is essential, particularly PowerBI.
• Communication Skills: Strong written and verbal communication skills for engaging with various stakeholders and facilitating enterprise-wide assessments.
• Autonomous Working Capability: Capable of performing effectively and efficiently with minimal supervision.