The New York State Office of the State Comptroller (“OSC”) intends to procure one Senior Security Solutions Architect (“Consultant”) to assist the OSC Division of the Chief Information Officer’s Information Security Office (“ISO”) and Enterprise Architecture unit (“EA”). The Consultant will help develop and implement IT-related architectural policies and standards that will align with OSC security policies and standards and current best practices for IT architecture. OSC will procure these services pursuant to its discretionary purchasing authority under State Finance Law §163(6). This procurement opportunity is limited to New York State small businesses as defined in State Finance Law §160(8), businesses certified pursuant to Article 15-A of the New York State Executive Law, and businesses certified pursuant to Article 17-B of the New York State Executive Law.

STATEMENT OF WORK

The Consultant shall perform the following:

1. Evaluate current OSC IT architecture policies and standards by:

• Reviewing existing OSC IT architecture policies;
• Reviewing existing OSC IT architecture standards;
• Identifying gaps in OSC IT architecture policies; and
• Identifying gaps in OSC IT architecture standards.

1. Use identified gaps to:

• Determine required IT architecture policies to be created; and
• Determine required IT architecture standards to be created.

1. Assist OSC to:

• Develop required IT architecture policies; and
• Develop required IT architecture standards.

4. Assist OSC to create IT architecture governance processes and procedures by:

• Determining necessary IT architecture governance process; and
• Creating necessary IT architecture governance documentation.

5. Assist OSC with security requirements for Cloud Security (“CS”) services by:

• Reviewing current CS security requirements;
• Determining CS security requirements; and
• Documenting CS security requirements.

6. Assist OSC with Public Key Infrastructure (“PKI”) services by:

• Reviewing the current state of the PKI infrastructure;
• Determining PKI security requirements;
• Documenting recommendations and guidance for OSC’s PKI infrastructure; and
• Providing guidance implementing PKI recommendations.

7. Assist OSC ISO with the Information Security Program by:

• Conducting security-related research;
• Assisting with security awareness training;
• Determining security requirements for new systems or applications;
• Reviewing compliance issues;
• Assessing security risk;
• Creating, reviewing, and updating security policies and standards;
• Mapping the internal network;
• Evaluating firewall rules;
• Determining best security practices for Office 365; and
• Performing other security program-related work.

MINIMUM QUALIFICATIONS

The Consultant must possess the following minimum qualifications:

1. A Bachelor’s Degree;
2. Valid Certified Information Systems Security Professional (“CISSP”) Certification;
3. Five years of experience as a Security Enterprise Architect working within an organization that employs National Institute of Standards and Technology (“NIST”) as its security framework;
4. Five years of experience architecting and implementing PKI;
5. Five years of experience architecting and implementing cloud security requirements; and
6. Five years of experience creating and reviewing organizational architecture governance, policies and standards, and procedures.

Provide the experience described in the minimum qualifications above, including specific NIST-related security experience, within a resume or as an attachment to a resume.

PREFERRED QUALIFICATIONS

OSC will give preference to candidates with the following qualifications:

1. Ten years of experience as a Security Enterprise Architect within an organization that employs NIST as its security framework;
2. Strong communication skills, working with both technical and non-technical people, including:

• Strong presentation and verbal skills demonstrating the ability to communicate complex security architectures to a non-technical audience;
• Strong written skills with proven ability to document security and network architectures, procedures, and reports for a non-technical audience;
• Strong instructional skills for mentoring and knowledge transfer; and

3. Five years of project management methodology experience with information technology projects. Experience may include serving as the focal point of contact for project status, meetings, reporting requirements, scope changes/extensions, scope issues, and concerns raised by staff or project stakeholders.

Provide the experience described in the preferred qualifications above, including specific NIST-related security experience, within a resume or as an attachment to a resume.

ADDITIONAL INFORMATION

In addition, the Consultant shall:

• Work approximately 30 hours a week during regular OSC business hours, between 8:00 AM and 5:00 PM ET Monday through Friday, excluding State holidays. There will be no off-hours work required.
• Work at OSC's office building located at 110 State Street in Albany, NY, as directed by OSC. The Consultant may be allowed to work remotely up to 50% of their schedule, at OSC’s discretion and with prior OSC approval. The Consultant may be required to work fully onsite during a probationary period as determined by OSC.
• Report directly to the Information Security Officer or their designee.

OSC will provide all necessary IT equipment.

SUBMISSION REQUIREMENTS

Interested vendors may submit no more than one candidate in response to this solicitation.

Interested vendors should submit a resume for the candidate and a completed and signed Candidate Submission Sheet (“CSS”) to RFP@osc.ny.gov (preferred) or via hard copy mail to:

Director of Finance
Office of the State Comptroller
110 State Street, Stop 13-2
Albany, NY 12236-0001

The CSS is a two-page document on which the vendor will provide the candidate’s name and hourly rate along with the contact information for the vendor.

The CSS and all other documents related to this procurement are available on the OSC website at: https://www.osc.state.ny.us/procurement .

The CSS and resume must be received by OSC no later than the deadline contained in this advertisement.

The resume should clearly demonstrate that the candidate submitted meets all minimum qualifications. The proposed hourly rate must be inclusive of all labor, licenses, insurance, administration, overhead, travel, and any other applicable expenses required to meet the applicable project requirements.

During the qualification process, candidates will be interviewed in-person or via video conference. Telephone interviews will not be permitted. Candidates who interview via video conference may be asked to show picture identification during the call. If a candidate interviewed via video conference is selected, they will be subject to an on-site interview and other reviews to verify their identity and qualifications upon the first day of starting work.

The proposer must be willing to enter into an agreement substantially in accord with the terms of the Draft Contract posted to the OSC website should the proposer be selected for contract award.

NOTE: Procurement documents may, from time to time, be amended or addenda issued. It is the Proposer’s responsibility to become aware of any such amendments and/or addenda prior to submission of a response. All amendments and/or addenda to procurements will be posted to the OSC website at https://www.osc.state.ny.us/procurement .

Proposers should review the OSC website prior to submission of a response to ensure that they have all information required to submit a complete response.

This procurement is subject to, and shall be conducted in accordance with, the OSC Executive Order on Procurement Integrity and OSC’s Procurement Integrity Procedures, both of which are available in full on the OSC website noted above, or upon email request. All inquiries concerning this procurement must be addressed to the Contracting Officer or designee(s) at OSC, via email (preferred) to RFP@osc.ny.gov or via hard copy mail to:

Director of Finance
Questions for Contract #C001169
Office of the State Comptroller
110 State Street, Stop 13-2
Albany, NY 12236-0001

Questions regarding this procurement opportunity must be received by OSC by at 4:00 p.m. ET on 3/1/2023. The comprehensive list of questions and responses will be posted to the OSC website on or about 3/15/2023 This listing will not include the identities of the vendors submitting the questions; those vendors will remain anonymous to the extent allowed by law.