Long-Term Agreement (LTA) of Individual Consultant as SecureAccess and PKI Consultant, ICTD Digital Core, PSD, Hybrid: Valencia, Spain and Off-Site/Remote

  • Contract
  • Spain
  • Posted 10 months ago

un-jobs.net

UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential.

Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone.

And we never give up.

For every child, a connected world

The overarching strategic goal of UNICEF’s Information and Communication Technology Division (ICTD) is to transform and build partnerships with our stakeholders to successfully implement UNICEF programmes globally through the use of innovative technology-enabled solutions.

UNICEF ICT CORE recognizes the need for secure remote access to its network resources and has identified the implementation of a robust and reliable VPN solution as a critical requirement. ICTD CORE has decided to engage a consultant to provide expertise in the areas of secure remote access, specifically in the implementation and management of Absolute Secure Access, Zero Trust Network Access (ZTNA), and Secure Socket Extension (SSE) and Secure Access Service Edge (SASE) frameworks. Experience with Microsoft Always On VPN and Microsoft DirectAccess is desirable. Additionally, the organization aims to maintain a robust Public Key Infrastructure (PKI) through the utilization of Microsoft Active Directory Certificate Services (AD CS) for enhanced security and authentication.

How can you make a difference?

The purpose of this assignment is to engage a consultant who will provide on-demand services for the implementation, migration, and operational support of Certificate Services and PKI. Furthermore, the consultant will offer expertise and guidance in the architecture and operation of the CloudWAN SecureAccess Cloud-based global VPN. The objective is to ensure the organization’s remote access infrastructure is secure, efficient, and aligned with industry best practices.

The programme area of this assignment focuses on enhancing ICTD PSD CORE’s remote access infrastructure and security. The specific project area includes the implementation and migration of Certificate Services and PKI, as well as providing operational and architecture support for the CloudWAN SecureAccess Cloud-based global VPN.

Objectives:

  • Advisory on maintaining a secure and reliable remote access solution utilizing Microsoft Always On VPN, Microsoft DirectAccess, Absolute Secure Access, ZTNA, SSE, and SASE frameworks.
  • Advisory on maintaining a robust and scalable PKI infrastructure using Microsoft AD CS for enhanced security and authentication.
  • Advisory on maintaining existing Certificate Services and PKI infrastructure.
  • Advisory on provisioning of operational and architecture support for the CloudWAN SecureAccess Cloud-based global VPN.
  • Advisory on compliance with industry standards and best practices for remote access security.

Major tasks to be accomplished:

  • On-demand, assess the current remote access infrastructure and identify security vulnerabilities and gaps.
  • On-demand, contribute to the design and implementation of the necessary components of Microsoft Always On VPN, Microsoft DirectAccess, Absolute Secure Access, ZTNA, SSE, and SASE frameworks to establish a comprehensive and secure remote access solution.
  • On-demand, help plan and execute the migration of Certificate Services to the new PKI infrastructure based on Microsoft AD CS.
  • On-demand, provide operational and architecture support for the CloudWAN SecureAccess Cloud-based global VPN, including configuration, troubleshooting, and performance optimization.
  • On-demand, collaborate with ICTD Core for knowledge transfer.
  • On-demand, conduct training sessions and participate in workshops for the organization’s staff to increase awareness and understanding of the implemented solutions and best practices for secure remote access.

Responsibilities of the Consultant:

  • Assess the current remote access infrastructure and identify security vulnerabilities and gaps.
  • Design and implement Microsoft Always On VPN, Microsoft DirectAccess, Absolute Secure Access, ZTNA, SSE, and SASE frameworks.
  • Plan and execute the migration of Certificate Services to the new PKI infrastructure.
  • Provide operational and architecture support for the CloudWAN SecureAccess Cloud-based global VPN.
  • Collaborate with the organization’s IT team for knowledge transfer and transition.
  • The consultant will work with his/her own IT resources (i.e. laptop)

Responsibilities of UNICEF:

  • Provide access to relevant network infrastructure and systems for assessment and implementation.
  • Collaborate with the consultant in defining requirements and priorities.
  • Allocate necessary resources and personnel to support the implementation and migration processes.
  • Participate in knowledge transfer sessions

Deliverables:

1. CloudWAN and SecureAccess VPN Advisory on Technology, Architecture, and Operational Support

This deliverable encompasses the provision of on-demand advisory services by the consultant in the areas of CloudWAN and SecureAccess VPN technology, architecture, and operational support. The consultant will offer expert guidance and recommendations to the organization based on their variable demand. The deliverable includes but is not limited to the following:

  • Technology Advisory: The consultant will assess the organization’s existing CloudWAN and SecureAccess VPN infrastructure, identify areas for improvement, and provide recommendations for enhancing its technology stack. This will involve evaluating different technologies, analyzing their compatibility with the organization’s requirements, and advising on the best solutions to meet their variable demand.
  • Architecture Advisory: The consultant will assist in designing and optimizing the architecture of the CloudWAN and SecureAccess VPN infrastructure. They will provide guidance on designing a scalable and secure network architecture, ensuring high availability, redundancy, and efficient connectivity. The consultant will work closely with the organization to align the architecture with their variable demand and future growth plans.
  • Operational Support: The consultant will offer on-demand operational support for the CloudWAN and SecureAccess VPN infrastructure. This will involve assisting with configuration, troubleshooting, and performance optimization. The consultant will collaborate with the organization’s ICTD PSD CORE, providing expertise, workshops and knowledge transfer to ensure smooth operations and address any issues that arise.

2. Certificate Services and PKI Operational Support and Advisory on Migration and Implementation

This deliverable entails the provision of on-demand operational support and advisory services by the consultant for the organization’s Certificate Services and Public Key Infrastructure (PKI). The consultant will offer their expertise and guidance based on the organization’s variable demand. The deliverable includes but is not limited to the following:

  • Operational Support: The consultant will provide on-demand operational support for the organization’s Certificate Services and PKI infrastructure. This will involve managing certificate lifecycles, issuing and revoking certificates, troubleshooting operational issues, and ensuring the availability and reliability of the PKI infrastructure. The consultant will assist the organization’s IT team in handling day-to-day operational tasks and addressing any challenges that arise.
  • Advisory on Migration and Implementation: The consultant will provide guidance and advisory services for the migration and implementation of Certificate Services and PKI. They will assist in designing and planning the migration process, ensuring a smooth transition from the current infrastructure to the new PKI. The consultant will advise on best practices, security considerations, and compliance requirements, aligning the migration and implementation with the organization’s variable demand and specific needs.

3. Other Organizational Support from Consultant SME Portfolio, including Cloud Architecture, Networking, and Security

This deliverable encompasses on-demand support and expertise from the consultant’s Subject Matter Experts (SMEs) in various areas including Cloud Architecture, Networking, and Security. The consultant will provide assistance based on the organization’s variable demand. The deliverable includes but is not limited to the following:

  1. Cloud Architecture Support: The consultant’s SMEs will offer guidance and support in designing and optimizing cloud architecture solutions. They will assist in selecting appropriate cloud platforms, defining cloud migration strategies, and ensuring scalability, security, and cost-effectiveness. The consultant will align their support with the organization’s variable demand and specific cloud requirements.
  2. Networking Support: The consultant’s SMEs will provide expertise in networking, assisting the organization with network design, optimization, and troubleshooting. They will offer on-demand support for configuring network devices, ensuring connectivity, and addressing any network-related issues. The consultant will collaborate with the organization’s IT team to align networking support with their variable demand and specific networking needs.
  3. Security Support: The consultant’s SMEs will offer guidance and advisory services in the area of security

Financial proposal: Download File Financial Bid template_SecureAccess and PKI.docx

Payment Schedule:

The LTA to be signed will have a fixed fee rate for a maximum of three years. However, UNICEF does not warrant that any quantity of services will be purchased during the term of the LTA, as this will depend on forthcoming needs.

Estimated duration of the LTA:

This Consultancy is Hybrid, with a combination of on-site services in Valencia, Spain and off-site/remote work, and is expected to have a maximum duration of 36 months from the start date. Consultants in this new LTA modality may also be required to participate in and facilitate Workshops.

However, the contract will be delivery based and paid based on deliverables requested explicitly and on demand based on variable needs.

Travel:  

If there is a need to engage in something extremely complex that cannot be achieved remotely, travel to Valencia (Spain) might be involved.

UNICEF will pay for the travel fare to Valencia (economy travel) and for the official UN DSA valid at the travel period.

To qualify as an advocate for every child you will have… 

Academic Degrees:

• Bachelor’s Degree in Information Systems or Computer Science desirable (not required)

Required Experience:

• A minimum of 4 of relevant professional experience in working with or providing specialized IT Consultancies in Always-On VPN technologies like DirectAccess, Windows Always On VPN, Azure VPN and Azure WAN, Public Key Cryptography, NetMotion, SecureAccess, Microsoft Azure.

Desirable Experience and skills:

• Industry Certifications 

Language Requirements: 

  • Fluency in English is required.  

  • Knowledge of another official UN language (Arabic, Chinese, French, Russian or Spanish) or a local language is an asset.

For every Child, you demonstrate… 

UNICEF’s values of Care, Respect, Integrity, Trust, Accountability, and Sustainability (CRITAS). 

 To view our competency framework, please visit here

Remarks:

The application to be submitted through the online portal should contain four separate attachments:

1. A Cover letter explaining the motivation for applying and explaining how the qualifications and skillset of the candidate (to be uploaded online)

2. Curriculum Vitae (CV) (to be uploaded online)

3. Three Work Samples – This includes three previously written human-interest stories / reports / advertising materials / content created / proposal. (to be uploaded online)

4. A financial proposal indicating professional fee as per the above template. Please do not forget to specify your name in the file while saving. (To be uploaded under other supporting documents).

Important Note: Please do not indicate financials anywhere else than in the online application form, and mark “n/or 00” under the fee-related questions in the online application form.

Without all the above 4 documents your application will be considered incomplete and invalid and will not be considered further.

• Any attempt to unduly influence UNICEF’s selection process will lead to automatic disqualification of the applicant.

• Joint applications of two or more individuals are not accepted.

• Please note, UNICEF does not charge any fee during any stage of the process.

• Female candidates meeting the requirements are strongly encouraged to apply.

• UNICEF is committed to diversity and inclusion and encourages qualified candidates from all backgrounds including persons living with disabilities to apply.

Only shortlisted candidates will be contacted and advance to the next stage of the selection process. 

Individuals engaged under a consultancy or individual contract will not be considered “staff members” under the Staff Regulations and Rules of the United Nations and UNICEF’s policies and procedures, and will not be entitled to benefits provided therein (such as leave entitlements and medical insurance coverage). Their conditions of service will be governed by their contract and the General Conditions of Contracts for the Services of Consultants and Individual Contractors. Consultants and individual contractors are responsible for determining their tax liabilities and for the payment of any taxes and/or duties, in accordance with local or other applicable laws. 

The selected candidate is solely responsible to ensure that the visa (applicable) and health insurance required to perform the duties of the contract are valid for the entire period of the contract. Selected candidates are subject to confirmation of fully-vaccinated status against SARS-CoV-2 (Covid-19) with a World Health Organization (WHO)-endorsed vaccine, which must be met prior to taking up the assignment. It does not apply to consultants who will work remotely and are not expected to work on or visit UNICEF premises, programme delivery locations or directly interact with communities UNICEF works with, nor to travel to perform functions for UNICEF for the duration of their consultancy contracts. 
