BACKGROUND INFORMATION

As part of multi-country support for National Cybersecurity Strategy (NCS) development projects coordinated by the ITU, the Senior National Cybersecurity Strategy Consultant will provide on-demand expertise to assist countries in formulating and implementing their national cybersecurity strategies. He/she will play a key role in ensuring that each supported country develops a robust, inclusive, and actionable cybersecurity strategy in line with international best practices and the ITU’s guidance and coordination.

TERMS OF REFERENCE

Under the guidance of the ITU Project Manager and in close collaboration with the ITU Senior Cybersecurity Coordinator and national counterparts, the Consultant will carry out the following activities for each country assignment:

• Strategic Assessment: Conduct a thorough assessment of the country’s current cybersecurity posture. This includes reviewing existing national cybersecurity strategies or related policies (if any), analysing institutional structures (such as governance bodies or agencies responsible for cybersecurity at the national level), and evaluating the overall cyber threat environment and readiness level.
• Policy and Legal Review: Review and analyse the national policy and legal landscape related to cybersecurity. Examine existing laws, regulations, and policies on areas such as data protection, critical infrastructure protection, and digital governance to identify gaps or outdated elements. Provide recommendations to ensure the national framework aligns with international standards and best practices.
• Stakeholder Engagement: Identify and engage key stakeholders across government, private sector, academia, and civil society who should contribute to the strategy’s development and implementation. Organize and facilitate stakeholder consultations, interviews, and workshops to gather diverse inputs and foster buy-in.
• Risk and Infrastructure Mapping: Map out the nation’s critical information infrastructure and assess key cyber risks. Evaluate threats, vulnerabilities, and potential impacts across different sectors (e.g., telecom, energy, finance, health). Identify national critical assets and current cybersecurity capabilities or gaps. This risk assessment will inform the strategy’s priorities, helping to address interdependencies and strengthen overall cyber resilience.
• National Strategy Drafting: Support national stakeholders in the development the National Cybersecurity Strategy document and associated action plans, such as supporting work to define the vision, guiding principles, strategic objectives, and priority initiatives of the strategy. Ensure that the content reflects good global practices and is tailored to the country’s context and needs.
• Validation and Refinement: Organize and lead validation workshops or meetings to review the draft NCS with the country’s stakeholders.
• Capacity Building and Training: Develop and deliver training sessions or workshops to support the strategy’s development and implementation.

CONCRETE DELIVERABLES

• Cybersecurity Assessment and Gap Analysis Report: Submission of a detailed report of the country’s current cybersecurity situation. This document will cover the findings from the strategic assessment, including an overview of existing national strategies and policies, the legal and regulatory framework, institutional capacity, and identified gaps or weaknesses. It will serve as a baseline analysis to inform the development of the NCS.
• Stakeholder Consultation Summary: Delivery of a report summarizing the stakeholder engagement process and outcomes. It will document the key stakeholders consulted, their inputs and perspectives, and how those inputs have been considered in shaping the strategy. This ensures transparency and demonstrates broad consultation in strategy development.
• Submission of a detailed report on National Cybersecurity Strategy and Action Plan/Roadmap drafting and next steps: The Consultant will produce a comprehensive report on the progress on development of the NCS and Action Plan including next steps and anticipated risks and possible mitigation pathways. If the NCS is not expected to be completed within the Consultant’s tenure, the report should specifically identify an anticipated completion date range.
• National Cybersecurity Strategy (Draft): delivery of a draft NCS document for review and a finalized NCS document upon completion of the validation process.
• Action Plan / Roadmap: Submission of a practical implementation roadmap accompanying the strategy. This document will break down the NCS into actionable steps, specifying short, medium and long-term initiatives, responsible entities for each action, indicative timelines, and resource considerations (human, financial, and technical). It will provide guidance to the country on how to operationalize the strategy’s recommendations, emphasizing the importance of allocating necessary resources for the full lifecycle of the strategy (development, implementation, and revision).
• Training Materials and Delivery Report (if applicable): If the assignment includes capacity-building or training sessions, the Consultant will provide the training content and a brief report on the training delivered. The report should include topics covered, participants, and an evaluation of the training outcomes.

COMPETENCIES

• Effective technical and analytical problem-solving skills including a demonstrated ability to understand and analyse project priorities.
• Effective communication and writing skills with strong drafting and documentation skills to produce high-quality policy and procedural documents.
• Ability to work independently and as part of a team, maintaining efficient working relationships, while demonstrating sensitivity to ITU's multi-cultural, multi-ethnic environment and respect for diversity.

QUALIFICATIONS REQUIRED

Education:

Advanced university degree in cybersecurity, information security, computer science, public policy, or a related field OR education from a reputed college of advanced education, with a diploma of equivalent standard to that of an advanced university degree in one of the fields above.
Professional certifications or training in cybersecurity strategy, cyber policy, or incident management (e.g., CISM, CISSP, ISO 27001, or similar) would be an asset.

Experience:

At least seven (7) years of progressively responsible experience in cybersecurity strategy development, cyber policy advisory, or national CSIRT/CIRT establishment, including at least three at the international level. This should include hands-on experience formulating or implementing national-level cybersecurity policies or strategies.
Proven experience working  in a multicultural environment with the ability to coordinate with diverse stakeholders (government agencies, private sector, international organizations) to achieve common goals.
Experience in conducting monitoring and assessing   projects for effective implementation.

A Doctorate in a related field can be considered as a substitute for three years of working experience.

Languages:

Knowledge of English at advanced level. Knowledge of another official language of the Union (Arabic, Chinese, French, Russian, Spanish) would be an advantage.

REMUNERATION INFORMATION

Between USD 280 and USD 450 per working day to be defined according to the work experience of the consultant and the complexity of the assignment.