TERMS OF REFERENCE FOR A CONSULTANT IN CYBER SECURITY AND NETWORK SUPPORT

Purpose  

The purpose of the work is to ensure that professional and quick-response support services are offered by a local consultant (Company or Individual Consultant) to East Africa Exchange Ltd (EAX) Information Communication Technology (ICT) and market data department. The below Terms of References (TOR) define the scope of work the selected consultant will be asked to perform in cyber security, internet network access support, and the security of information stored in servers within EAX IT infrastructure.

Contract duration  

One year (12 months)

Background

EAX is a regional commodity exchange, which began its trading operations through auctions and spot trades in June 2013. EAX was established to link smallholder’s famers to the wider agricultural markets; to secure competitive and fair prices for their produce; and to facilitate their access to finance. Trading operations are powered by NASDAQ OMX trading system hosted at the EAX headquarters with replications and backup located at the data center. The current EAX Local Area network (LAN) configured with Virtual Local Area Network (VLAN) architecture includes the following:

• CISCO Firewalls
• CISCO Routers
• CISCO Switches
• CISCO access points
• Servers
• Computers and laptops
• Primarily Internet Line
• Backup Internet Line

Figure 1: EAX Network design

Scope of duties and responsibilities

Specifically, the Cyber security and network support consultant will be required to:

• To implement computer security incident response and network management solutions which target to prevent and remediate cyber security issues.
• Implementation of 24/7/365 monitoring and alerting systems for information security threats at EAX network environment.
• Internal and External Penetration testing – Attempt to compromise found vulnerabilities to DDoS and propose the ongoing remediation solution.
• Management and implementation of security mechanisms of the network firewalls, Intrusion Prevention System (IPS) / Intrusion Detection System (IDS), web application securities and identity management of internal computing devices.
• Network threats and vulnerability assessment  
• Unlimited remote/onsite support on network and internet troubleshooting and security remediation.
• Adding IP blocks to Access Control List (ACL) in the firewalls for any malicious source or destination IP addresses.
• Running Antivirus scans on potentially compromised internal computing devices.
• Disconnecting a compromised machine from the network to isolate a threat.
• Ensure the development of solutions for network management, network security including Virtual private network access.  
• Provides weekly Information security advisory reports about detailed security alerts and recommendation of remediation steps for each IT network devices attached.
• Provide annual report on cyber security.  
• During the course of implementation of this consultancy work, any change requested by EAX ICT and Market Data department in respect to the scope of work outlined above, will be executed by the Consultant without any further cost to the annual or monthly quotation. Monthly payments will be subject to the EAX ICT and Market data department approval of the quality of deliverables.

Deliverables

• Detailed weekly report
• Annual report on cyber security
• Monthly onsite visits – 8 hours/Month
• Unlimited hours for physical work in case of Incident Response or downtime of the network.

Management

The Cyber security and network support consultant will work under the guidance and direct supervision of EAX Head of ICT and Market Data.

Qualifications

The Cyber security and network support consultant should have minimum qualification of a Bachelor’s Degree in Computer Science or Computer Engineering, Information Technology or Information Systems or Software Engineering or a related field with hands on cyber security work experience of a minimum of 5 years.  A Master’s Degree in a related field is preferred. In addition, the consultant must have professional certification in cisco routing and switching, security, and server systems.  Mandatory qualifications are NS4, CCNP, CISSP,DevNet and SNCF.

Submission of financial and technical proposals

Interested Information & network security service provider must submit technical and financial proposals and detailed CV listing at least three references to: eax.procurement@ea-africaexchange.com " style="box-sizing: border-box; color: rgb(49, 158, 98); text-decoration: none; font-family: Roboto, sans-serif;">eax.procurement@ea-africaexchange.com 

 or in hard copy at EAX Offices located at Silverback Mall Building, 4th Floor | KK 15 Rd, Sonatube, Kicukiro,

Kigali, Rwanda

Phone: +250 788 197 000, E-mail: info@ea-africaexchange.com

Deadline of submission is Friday, 31^st January 2025. 

Quotations received after this date will not be considered