This specific tender is managed via the new supplier portal system of UNDP Quantum. If you are interested in submitting a bid for this tender, you must subscribe following the instructions in the user guide. If you have not registered a profile with this system, you can do so by following the link for Supplier Registration.

If you already have a supplier profile, please access the negotiation using quicklink or please login to the Supplier Portal, then search for the negotiation using the reference number UNDP-PHL-00921, following the instructions in the user guide.

Introduction

Description of the Assignment:

Objectives

The overall objective of the Cybersecurity Specialist is to strengthen PS‑DBM’s institutional cybersecurity framework by establishing clear, coherent, and risk‑informed cybersecurity guidelines, protocols, and governance arrangements that support secure and consistent implementation of digital initiatives across the agency.

1. Assess PS‑DBM’s cybersecurity posture at the institutional level

Establish a baseline understanding of PS‑DBM’s cybersecurity posture by reviewing existing cybersecurity policies, frameworks, protocols, and governance arrangements, and identifying key gaps, risks, and priority areas for improvement.

2. Develop and refine cybersecurity guidelines and standard protocols for PS‑DBM

Develop, refine, and align agency‑wide cybersecurity guidelines and standard protocols, covering principles, minimum requirements, roles, and responsibilities, to guide consistent cybersecurity implementation in line with applicable laws, regulations, and standards.

3. Strengthen cybersecurity risk management and governance practices

Define a risk‑based approach to cybersecurity that supports informed decision‑making, clarifies accountability, and ensures that cybersecurity considerations are systematically addressed across systems, data, and business processes.

4. Ensure integration of cybersecurity considerations into digital systems, data, and processes

Provide guidance to ensure that cybersecurity requirements are embedded by design into digital platforms, data governance practices, and codified business processes, without assuming responsibility for day‑to‑day security operations.

5. Support institutional capacity building and adoption of cybersecurity frameworks

Strengthen institutional understanding, coordination, and ownership of cybersecurity practices through targeted capacity‑building activities, reference materials, and knowledge transfer to support effective adoption and sustainability of the cybersecurity guidelines.

Qualification:

Education

At least a Bachelor’s degree in Computer Science, Information Technology, Information Security, Cybersecurity, Engineering, or a related field; with relevant professional certifications.

Experience

At least eight (8) years of relevant professional experience in cybersecurity, information security, IT risk management, or related fields. Demonstrated experience in developing cybersecurity policies, frameworks, guidelines, or governance arrangements for public sector institutions, government agencies, or large organizations. Experience supporting institutional or enterprise‑level cybersecurity initiatives, including cybersecurity posture assessments, governance design, or advisory engagements.

Relevant Project Experience

Direct authorship or lead technical contribution in at least three (3) institutional-level cybersecurity projects or cybersecurity‑related outputs, such as: Cybersecurity or information security framework development; Cybersecurity policy, standards, or protocol development; Institutional cybersecurity posture or readiness assessments; Cybersecurity governance or risk management advisory engagements; Capacity-building materials to cybersecurity governance.

Experience working in government, public sector, or regulated environments is an advantage.

Submission of at least three (3) relevant sample works or portfolio links demonstrating the Offeror’s direct authorship or lead technical contribution to institutional‑level cybersecurity outputs, such as:

a. Cybersecurity or information security frameworks, strategies, or governance models

b. Cybersecurity policies, guidelines, standards, or standard protocols

c. Institutional cybersecurity posture, readiness, or risk assessments

d. Cybersecurity governance or risk management advisory outputs

e. Training, reference, or capacity‑building materials related to cybersecurity governance or institutional adoption

Language

Fluency in spoken and written English and Filipino as indicated in the CV

Period of assignment/services: 90 working days spread across the period of 25 May 2026 – 8 January 2027, unless revised in a mutually agreed upon timetable by the UNDP and the Consultant

Proposal should be submitted directly in the portal no later than indicated deadline.

Any request for clarification must be sent in writing via messaging functionality in the portal. UNDP will respond in writing including an explanation of the query without identifying the source of inquiry.

http://supplier.quantum.partneragencies.org using the profile you may have in the portal. In case you have never registered before, you can register a profile using the registration link shared via the procurement notice and following the instructions in guides available in UNDP website: https://www.undp.org/procurement/business/resources-for-bidders. Do not create a new profile if you already have one. Use the forgotten password feature in case you do not remember the password or the username from previous registration.

Diversity, Equity and Inclusion are core principles at UNDP: we value diversity as an expression of the multiplicity of nations and cultures where we operate, we foster inclusion as a way of ensuring all personnel are empowered to contribute to our mission, and we ensure equity and fairness in all our actions. Taking a ‘leave no one behind’ approach to our diversity efforts means increasing representation of underserved populations. People who identify as belonging to marginalized or excluded populations are strongly encouraged to apply.

UNDP is committed to achieving workforce diversity in terms of gender, nationality and culture. Women, individuals from minority groups, indigenous groups and persons with disabilities are equally encouraged to apply. All applications will be treated with the strictest confidence.

UNDP does not tolerate sexual exploitation and abuse, any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.