1 Executive Summary

The purpose of the services is to provide Professional service and align IT services with CLIENT business strategy, business objectives and targets. This document gives details of Renewal of Cyber Security Support Services which Includes Network Security Device Management, Daily IT/OT Security Operation of CLIENT Network Security Infrastructure.

2 Project Overview

CLIENT is looking for a well-established Professional service provider who can provide development and support for Cyber Security Operation.

Also, the proposed service includes replacement resources to continue operational support for 1 month during any planned annual leave. The replacement engineer shall come onsite and take a handover before the annual leave to ensure proper handover.

The vendor has to confirm the following:

The vendor has to sign the compliance sheet to confirm their acceptance and compliance of the scope of work.

3 Guidelines

3.1 Proposal content / format The vendor should organize their responses based on PR NO 229013 to facilitate the evaluation process. To secure vendor information in a form that ensures the evaluation criteria can be systematically applied, vendor must meet the following:

a. SOW.

4 Scope of Work

4.1 Key Accountabilities:

? Designing, implementing, and configuring, migrating and fine-tuning the security devices and conducting health checks on the security devices.

? Participates in evaluation, and selection of IT security products, such as, firewalls, intrusion detection/prevention systems, anti-virus, anti-spyware, Email Security, VPN, remote access devices, web content filtering servers, proxy appliances, IT Security

appliances, Multi-factor authentication, SSL-VPN, Forensic analysis tools, Anti-Malware systems, etc.; and Participates in the planning and the implementation of all computing and network infrastructure projects (i.e., upgrades, enhancements, etc.) to ensure compliance with the IT Security architecture.

? Conducts forensic analysis and fraud investigation related to electronic data of client the event of any breach or suspicious activity,

? Keeps the Senior Management informed and maintains confidentiality in the matter.

? Working with client  Initiatives and projects as per client VP-IT provide nomination name upon client request.

? Investigates, Monitors, and identifies any actual or potential information security violations/risks. Reports to Management all actual and potential security violation/risks and recommends appropriate solutions to eliminate or minimize their potential impact.

? Conducts and overlooks professional Risk Assessment exercise as per client IT Security guidelines Identifies potential risks and affected assets,

? Collates and compiles reports on current risk state of the organization and evaluates it at regular intervals & devised timelines,

? The Risk assessment conducted will be in two phases including vulnerability assessment and Penetration tests, the Procedures and the extent of penetration and various mechanisms are to be devised & governed by the IT Security Officer,

? Governs and overlooks the SOC environment and their findings to collate and compile reports and mitigate threats & Risks.

? Provide 24/7 support to handle the issues related the Infrastructure and handling the operational tasks.

? Handling OT (Operational Technology) Network Security projects and activity.

? Performs other related duties as assigned by Department Manager such as , ensuring completion and accuracy of documentation/reports necessary for project development and project management, training junior employees including determining needs, recommending appropriate programs and monitoring progress, providing specialist technical expertise and consultancy on advanced development.

strategies to end users/Information Technology Division’s Management, providing guidance to work associates to translate business requirements into IT solutions and ensuring completeness, correctness, and quality of the delivered product, keeping abreast of latest development in the field, etc.

? Designs and implements the IT security architecture and infrastructure to ensure data protection and data integrity across all IT verticals, according to best practices and recognized Information Security standards.

? Evaluates and recommends improvements to existing IT Security Architecture and Infrastructure,

? Designs and continuously improves the Security Architecture based on best practices and latest trends/requirements.

? Implements end to end Security to cover all IT verticals (Applications, Database, Systems, Servers, Networks, etc.),

? Analyzes business process changes and liaises with IT strategy team to study scope and impact analysis to ensure that these changes are compliant with the Security guidelines and objectives and adhere to CLIENT IT Security policy & practices.

? Leads the CLIENT initiative for security framework and compliance achievement,

? Prepares Standards and Procedures to achieve and maintain the required compliance level,

? Continuously monitors the compliance state and audit to maintain the compliance level once achieved.

? Continuously monitors the operation state and maintains the security appliances at CLIENT.

? Develops IT Security policy, processes, and Security standards, and assists in implementing the policies and standards across CLIENT,

? Constantly revises and develops the IT Security policies, procedures, and standards to keep abreast with business requirements and latest trends/security requirements,

? Works closely with HR and Legal department to imply Security concerns and matters.

4.2 Budgets

? Provide input for preparation of the Department budgets and assist in theimplementation of the approved Budget and work plans to deliver Section objectives.

? Investigate and highlight any significant variances to support effective performance andcost control

4.3 Policies, Systems, Processes & Procedures

? Implement approved Department policies, processes, systems, standards and proceduresin order to support execution of the Section’s / Department work programs in line with Company and International standards.

4.4 Performance Management

? Contribute to the achievement of the approved Performance Objectives for the Section /Department in line with the Company Performance framework.

4.5 Health, Safety, Environment (HSE) and Sustainability

? Comply with relevant HSE policies, procedures & controls and applicable legislation and sustainability guidelines in line with international standards, best practices and CLIENT Code of Practices.