1. Activity Background:

The purpose of the US Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity is to strengthen the resilience of Ukraine’s critical infrastructure from cyberattacks by establishing trusted collaboration between key cybersecurity stakeholders in the government, private sector, academia, and civil society. The activity aims to achieve this goal by implementing the following activity components:

Component 1: Strengthen the cybersecurity enabling environment

The legal, regulatory, and institutional framework for national cybersecurity in Ukraine needs to be strengthened and aligned with international standards and best practices. This component will strengthen the cybersecurity resilience of Ukraine’s critical infrastructure sectors by addressing legislative gaps, promoting good governance, enabling collaboration between stakeholders, and supporting cybersecurity institutions. This component will also build the technical capacity of key sectors through increased access to cybersecurity technology and equipment.

Component 2: Develop Ukraine’s cybersecurity workforce

Ukraine suffers from a severe shortage of cybersecurity professionals. This component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity will address workforce gaps through activities that develop new cybersecurity talent and build the capacity of existing talent. These activities will address the entire workforce pipeline, the quality of education received by cybersecurity specialists, and industry training programs to rapidly upskill Ukraine’s workforce to respond to immediate cybersecurity vulnerabilities.

Component 3: Build a resilient cybersecurity industry

A growing cybersecurity industry in Ukraine will contribute directly to national security and prosperity. This component will seek to build trust and collaboration between the public and private sector to develop innovative solutions for future cybersecurity challenges; spur investment and growth in the broader cybersecurity market in Ukraine through greater access to financing; support smaller cybersecurity companies to rapidly increase the number of local cybersecurity service providers; and offer mechanisms for Ukrainian firms to connect with industry partners to enable better access to innovations and business opportunities.

2. Context:

  The State Service for Special Communications and Information Protection (SSSCIP) is a specialized central executive body and is among Government of Ukraine authorities that play a role in ensuring Ukraine’s cybersecurity. Specifically, SSSCIP is responsible for developing and implementing government policy to protect the information resources and critical information infrastructure.

In October 2019, SSSCIP embarked on a reform aimed at optimizing its structure and functions to be more effective, efficient, and capable of protecting critical infrastructure objects from cyber threats. As part of our support for broader cybersecurity reforms in Ukraine, the Activity is providing assistance and expertise needed to SSSCIP as part of their reform process.  There is a plan announced by the GOU stakeholders to split governmental communications, information protection and cybersecurity functions for improving cybersecurity governance, reducing management risks, increasing transparency and accountability.  The Activity seeks to build the capacity of the SSSCIP to managing reforms by providing the assistance of the embedded Project Manager responsible for the planning, creation and management of the implementation plan for the SSSCIP restructuring reform needs.

The Project Manager will serve in a dedicated (embedded) capacity to SSSCIP, while working under the oversight of the Enabling Environment Lead and COP in close coordination with the Implementing Partners. 

 SSSCIP has specifically requested assistance in developing the following:

• A comprehensive project plan to support the proposed restructuring of the organization
• Development and monitoring of a list of priority processes and procedures to improve organization, transparency, and coordination with other stakeholders
• Development of methodologies, guidelines policies for the change management implementation, training staff for performing new cybersecurity work roles / functions.

3. The scope of work for this effort will include the following:

• Review and analyze previous audits and available information of the existing cybersecurity functions (protection, regulation, administrative) of SSSCIP and their relevance to the development of cybersecurity governance as managed service framework
• Develop a presentation for change management clearly defining and assigning regulatory and administrative functions/responsibilities, improving cybersecurity governance, reducing management risks, increasing transparency and accountability
• Develop a detailed project plan based on needs as articulated by SSSCIP, DAI, and other stakeholders, as well as an understanding of the available resources
• Contribute to the development of the legislative agenda in support of the roadmap endorsed by GOU stakeholders change management vision (restructuring plan)
• Manage project progress and adapt work as required (adherence to the project implementation plan, risk management, change management, etc.)
• Ensure projects meet deadlines, timely escalation of issues and red flags within implementation and delivery processes
• Development of methodologies, guidelines policies for successful implementation of the projects, and train SSSCIP staff as appropriate to ensure continuity
• Conduct reviews, customize, facilitate coordination and monitoring of key administrative processes
• Coordinate and facilitate relevant working groups to support project activities, contribute to the preparation of the dedicated round-tables/workshops, deliver presentations
• Carry out project monitoring activities, collection and analysis of necessary data, providing regular progress reports to the Enabling Environment Lead and SSSCIP
• Preparation of slides for presentations, infographics on the project implementation progress.

Recommendation Handouts. The Project Manager is required to prepare a separate document containing the recommendation statements related to the development of cybersecurity governance as managed service framework. It is expected to be a short (two-page maximum) briefing handout that can be distributed to Ukrainian policy makers that can help guide their work in developing restructuring plan. 

Presentation of the Results. The Project Manager shall prepare and deliver a presentation for changed management clearly defining and assigning regulatory and administrative functions/responsibilities, improving cybersecurity governance, reducing management risks, increasing transparency and accountability to the USAID Mission representatives, Activity team and identified interested stakeholders tentatively March 15 – March 30, 2021. Electronic version of the presentations in PowerPoint shall be delivered, branded with requirements of the USAID Cybersecurity Activity.

4. Required Qualifications:

• MA in Business or Business Administration, Management, Technology, Law, Public Administration
• Minimum 5 (five) years professional experience in technological (information protection, cybersecurity, digital) policy development, and implementation, public governance reforms in Ukraine
• Experience with international projects, preferably with the GOUs stakeholders
• Excellent written and spoken English and Ukrainian language skills required.

Qualified candidates should send their CV and cover letter to [email protected]. Only short-listed candidates will receive notice requesting additional information.