System Security Specialist
Abacus Service Corporation | Tallahassee | www.resume-library.com |
This Request for Quote is being issued under (phone number removed)-STC-ITSA
Contract position: System Security Specialist Scope: N/A Job # 6840
PURPOSE
This scope of work is for consulting services to support the development, implementation and life-cycle management of new and existing enterprise technologies required to support the Florida Department of Health, Office of Information Technology, Security Administration Team.
Contractor will provide these services to the Department.
2. TERM
This scope of work will begin on 7/1/2024 or the date on with the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on 6/30/2027. The State of Florida's performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.
3. LOCATION OF WORK :
The worksite for this resulting Scope of Work is the following location(s):
4052 Bald Cypress Way Tallahassee, FL 32399
• Supervisor may approve remote work.
Florida Department of Health Office of Information Technology
4. CRIMINAL BACKGROUND SCREENING
The Department will conduct a criminal history record check, including fingerprinting, on the consultant assigned by the Contractor prior to the consultant commencing work for the Department. The Department retains sole discretion as to whether the results of the criminal
history record check will result in the Contractor's employee being disqualified from performing services pursuant to this agreement.
5CONTRACTOR QUALIFICATIONS AND EXPERIENCE:
Contractor staff assigned to this agreement must possess the following minimum qualifications and experience:
6 years of combined IT and security work experience with infrastructure/network and multi-platform environments including on-premises and cloud environments across IaaS, PaaS, SaaS, VM, bare metal, and other common IT platforms.
4 years of experience in operations and maintenance of endpoint-related security products (AV, EDR, XDR, drive encryption).
2 years of experience in operations and maintenance of Azure Active Directory security (events, incidents, login events, MFA).
2 years of experience in operations and maintenance of Office 365 Security and Compliance (one or all of Exchange online, SharePoint, Teams, OneDrive, Purview).
2 years of experience working in IT security identifying and assessing risks, developing risk management strategies, and implementing risk mitigation measures.
2 years of experience working in IT security operations in all stages of the Identify, Protect, Detect, Respond, and Recover lifecycle.
2 years of experience analyzing and investigating security alerts, events, and logs from various security tools and systems to determine the cause and extent of security breaches.
2 years of experience designing, implementing, and maintaining management systems to track progress of complex IT projects at an enterprise scale, to completion.
2 years of experience working with automated IT performance reporting (any tools).
2 years of experience applying outcomes of incident analysis, risk management, and performance reporting to enable Continual Service Improvement (CSI).
6. CONTRACTOR RESPONSIBILITIES:
SERVICE TASKS : Contractor will perform the following tasks in the time and manner specified, at the direction of the Department:
Technical Analyst for IT Security Continual Service Improvement:
Perform activities within the Plan, Do, Check, Act lifecycle related to the effectiveness of security controls, as directed by the Department.
Service Reviews: maintain inventories of services and infrastructure utilized by the Security Administration Team and review their applicability to accomplishing team goals, as directed by the Department.
Process Evaluations: in coordination with the IT risk management process, evaluate the effectiveness of services by identifying and analyzing metrics and benchmarks in the interest of the Security Administration Team, as directed by the Department.
Initiatives: define initiatives to improve services and processes based on reviews and evaluations, as directed by the Department.
Monitoring: track initiative effectiveness and assist in troubleshooting and refining changes to security operations, as directed by the Department.
Security Analyst for Security Administration Team:
Analyze large amounts of data to identify patterns and potential risks. Use data to make informed decisions and develop mitigation strategies, as directed by the Department.
Perform information security and privacy incident response, as directed by the Department.
Communicate complex technical information to technical and non- technical stakeholders while demonstrating strong written and verbal communication skills, as directed by the Department.
Provide technical expertise to users, management, vendors, and peers for issues involving other Department business offices and vendors, as directed by the Department.
Support and drive continuous service improvement efforts within the risk management process, as directed by the Department.
6. 1.3DATA SECURITY AND CONFIDENTIALITY TASK:
The Contractor, its employees, subcontractors, and agents must comply at all times with all Department data security procedures and policies in the performance of this scope of work as specified in the Data Security and Confidentiality document attached to the purchase order.
6. 2. DELIVERABLES:
Contractor will complete and submit the following deliverables to the Department in the time and manner specified:
1. 1.1. Monthly: Provision of System Security Specialist consulting services in the time and manner specified in Tasks 6.1.1 Through 6.1.2.
9. REQUIREMENTS FOR RFQ RESPONSE
Contractors must address each of the following in its response to this RFQ. Failure to provide all requested information may result in disqualification. The Department reserves the right to reject any response that does not properly address the above requirements, that fails to include the requested information, or that deviates from the requirements of this RFQ in any manner.
With ALL candidate submittals, attach a quote on official letterhead, include the following information: name, State of Florida contract number, address, candidate name, hourly rate, etc. This is required.
With ALL submittals, make sure EACH candidate resume has a skills matrix referencing their years of experience compared to the Required Experience section of the Scope of Work (SOW). This is required.
With ALL candidate submittals, make sure each candidate has completed a current Resume Certification form and the information is authentic and complete. The candidate must sign and both witnesses to the signature must sign the document to be valid.
This is required.
If submitting more than one candidate for the RFQ, combine all documents into separate submittals for each candidate- Submittals should include: quote for each candidate, candidate resume, corresponding skills matrix, and the resume certification form.
Attach documents in Ariba on Demand.
For additional information using the Vendor Information Portal, go to: htt ww. r a
/myfloridamarketplace/mfmp_vendors/training_for_vendors
10. DEPARTMENT'S POINT OF CONTACT
The sole point of contact for all communication regarding this RFQ is:
Florida Department of Health Attention: Natasha Small-Brown
Title: Government Operations Consultant I E-mail:
NOTE: ALL EMAILS TO THE POINT OF CONTACT MUST CONTAIN THE RFQ TITLE IN THE SUBJECT LINE OF THE EMAIL.
SUBMISSION OF RFQ RESPONSES
Responses to this RFQ must be submitted by the date and time specified in the Request for Quote Event in MyfloridaMarketPlace . The Department will ONLY accept electronic responses . It is the Contractor's responsibility to ensure their response is submitted timely.
The Department reserves the right to reject responses delivered after the submission deadline. The Contractor's response to this RFQ must be addressed with the subject line as "[ RFQ TITLE ] and delivered to the individual identified in Section 110 .
Department's Point of Contact. [If accepting electronic responses, please include the following: All required documentation must be included as an attachment to the email. ]
Confidential Response Designation and Redaction Requirements: If the Contractor considers any portion of its Response to be: 1) Confidential Information (which is defined as "confidential and not subject to disclosure pursuant to chapter 119, Florida Statutes., the Florida Constitution, or other authority ); or 2) exempt from disclosure under chapter 119, Florida Statutes, or other authority (Public Records Law), then the Respondent must simultaneously provide the Department with an unredacted version of the materials and a separate redacted copy of the materials.
The Respondent must briefly describe in writing the grounds for claiming exemption from disclosure under chapter 119, Florida Statutes, the Florida Constitution, or other authority, including the specific statutory citation for such exemption.
If providing both a redacted and unredacted version, the Respondent must mark the unredacted version as "Unredacted Version Contains Confidential Information and place such information in an encrypted electronic form or a sealed separate envelope.
The redacted copy will be used to fulfill public records and other disclosure requests and will be posted on the Florida Accountability Contract Tracking System (FACTS) website.
By submitting a Response, the Contractor agrees to protect, defend, and indemnify the Department for all claims arising from or relating to the Contractor's determination that the redacted portions of its Response are Confidential Information or otherwise not subject to disclosure.
If the Contractor fails to submit a redacted copy of its Response, the Department is authorized to produce the entire unredacted Response submitted to the Department to answer a public records request.
If the Contractor is submitting a redacted version of its Response, it must mark the redacted copy with the Respondent's name, the RFQ number, and the words "Redacted Copy. The redacted copy should only redact those portions of material for which the Respondent can legally support a claim that the information is Confidential Information or exempt from disclosure pursuant to Public Records Law.
An entire Response should not be redacted. An entire page or paragraph which contains Confidential Information or exempt material should not be redacted unless the entire page or paragraph is wholly Confidential Information or exempt from disclosure pursuant to Public Records Law.
In the redacted copy, the Contractor must redact and maintain in confidence any materials the Department provides or seeks regarding security of a proposed technology system or information subject to sections (phone number removed), 119.071(1)(f), and 119.071(3), Florida Statutes.
12. 1. Execution of Agreement: The Department reserves the right to award to another Contractor that submits a response to this RFQ if the Department and the selected Contractor are unable to agree on the terms of the resulting Agreement.
This Request for Quote is being issued under (phone number removed)-STC-ITSA
Contract position: System Security Specialist Scope: N/A Job # 6840
PURPOSE
This scope of work is for consulting services to support the development, implementation and life-cycle management of new and existing enterprise technologies required to support the Florida Department of Health, Office of Information Technology, Security Administration Team.
Contractor will provide these services to the Department.
2. TERM
This scope of work will begin on 7/1/2024 or the date on with the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on 6/30/2027. The State of Florida's performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.
3. LOCATION OF WORK :
The worksite for this resulting Scope of Work is the following location(s):
4052 Bald Cypress Way Tallahassee, FL 32399
• Supervisor may approve remote work.
Florida Department of Health Office of Information Technology
4. CRIMINAL BACKGROUND SCREENING
The Department will conduct a criminal history record check, including fingerprinting, on the consultant assigned by the Contractor prior to the consultant commencing work for the Department. The Department retains sole discretion as to whether the results of the criminal
history record check will result in the Contractor's employee being disqualified from performing services pursuant to this agreement.
5CONTRACTOR QUALIFICATIONS AND EXPERIENCE:
Contractor staff assigned to this agreement must possess the following minimum qualifications and experience:
6 years of combined IT and security work experience with infrastructure/network and multi-platform environments including on-premises and cloud environments across IaaS, PaaS, SaaS, VM, bare metal, and other common IT platforms.
4 years of experience in operations and maintenance of endpoint-related security products (AV, EDR, XDR, drive encryption).
2 years of experience in operations and maintenance of Azure Active Directory security (events, incidents, login events, MFA).
2 years of experience in operations and maintenance of Office 365 Security and Compliance (one or all of Exchange online, SharePoint, Teams, OneDrive, Purview).
2 years of experience working in IT security identifying and assessing risks, developing risk management strategies, and implementing risk mitigation measures.
2 years of experience working in IT security operations in all stages of the Identify, Protect, Detect, Respond, and Recover lifecycle.
2 years of experience analyzing and investigating security alerts, events, and logs from various security tools and systems to determine the cause and extent of security breaches.
2 years of experience designing, implementing, and maintaining management systems to track progress of complex IT projects at an enterprise scale, to completion.
2 years of experience working with automated IT performance reporting (any tools).
2 years of experience applying outcomes of incident analysis, risk management, and performance reporting to enable Continual Service Improvement (CSI).
6. CONTRACTOR RESPONSIBILITIES:
SERVICE TASKS : Contractor will perform the following tasks in the time and manner specified, at the direction of the Department:
Technical Analyst for IT Security Continual Service Improvement:
Perform activities within the Plan, Do, Check, Act lifecycle related to the effectiveness of security controls, as directed by the Department.
Service Reviews: maintain inventories of services and infrastructure utilized by the Security Administration Team and review their applicability to accomplishing team goals, as directed by the Department.
Process Evaluations: in coordination with the IT risk management process, evaluate the effectiveness of services by identifying and analyzing metrics and benchmarks in the interest of the Security Administration Team, as directed by the Department.
Initiatives: define initiatives to improve services and processes based on reviews and evaluations, as directed by the Department.
Monitoring: track initiative effectiveness and assist in troubleshooting and refining changes to security operations, as directed by the Department.
Security Analyst for Security Administration Team:
Analyze large amounts of data to identify patterns and potential risks. Use data to make informed decisions and develop mitigation strategies, as directed by the Department.
Perform information security and privacy incident response, as directed by the Department.
Communicate complex technical information to technical and non- technical stakeholders while demonstrating strong written and verbal communication skills, as directed by the Department.
Provide technical expertise to users, management, vendors, and peers for issues involving other Department business offices and vendors, as directed by the Department.
Support and drive continuous service improvement efforts within the risk management process, as directed by the Department.
6. 1.3DATA SECURITY AND CONFIDENTIALITY TASK:
The Contractor, its employees, subcontractors, and agents must comply at all times with all Department data security procedures and policies in the performance of this scope of work as specified in the Data Security and Confidentiality document attached to the purchase order.
6. 2. DELIVERABLES:
Contractor will complete and submit the following deliverables to the Department in the time and manner specified:
1. 1.1. Monthly: Provision of System Security Specialist consulting services in the time and manner specified in Tasks 6.1.1 Through 6.1.2.
9. REQUIREMENTS FOR RFQ RESPONSE
Contractors must address each of the following in its response to this RFQ. Failure to provide all requested information may result in disqualification. The Department reserves the right to reject any response that does not properly address the above requirements, that fails to include the requested information, or that deviates from the requirements of this RFQ in any manner.
With ALL candidate submittals, attach a quote on official letterhead, include the following information: name, State of Florida contract number, address, candidate name, hourly rate, etc. This is required.
With ALL submittals, make sure EACH candidate resume has a skills matrix referencing their years of experience compared to the Required Experience section of the Scope of Work (SOW). This is required.
With ALL candidate submittals, make sure each candidate has completed a current Resume Certification form and the information is authentic and complete. The candidate must sign and both witnesses to the signature must sign the document to be valid.
This is required.
If submitting more than one candidate for the RFQ, combine all documents into separate submittals for each candidate- Submittals should include: quote for each candidate, candidate resume, corresponding skills matrix, and the resume certification form.
Attach documents in Ariba on Demand.
For additional information using the Vendor Information Portal, go to: htt ww. r a
/myfloridamarketplace/mfmp_vendors/training_for_vendors
10. DEPARTMENT'S POINT OF CONTACT
The sole point of contact for all communication regarding this RFQ is:
Florida Department of Health Attention: Natasha Small-Brown
Title: Government Operations Consultant I E-mail:
NOTE: ALL EMAILS TO THE POINT OF CONTACT MUST CONTAIN THE RFQ TITLE IN THE SUBJECT LINE OF THE EMAIL.
SUBMISSION OF RFQ RESPONSES
Responses to this RFQ must be submitted by the date and time specified in the Request for Quote Event in MyfloridaMarketPlace . The Department will ONLY accept electronic responses . It is the Contractor's responsibility to ensure their response is submitted timely.
The Department reserves the right to reject responses delivered after the submission deadline. The Contractor's response to this RFQ must be addressed with the subject line as "[ RFQ TITLE ] and delivered to the individual identified in Section 110 .
Department's Point of Contact. [If accepting electronic responses, please include the following: All required documentation must be included as an attachment to the email. ]
Confidential Response Designation and Redaction Requirements: If the Contractor considers any portion of its Response to be: 1) Confidential Information (which is defined as "confidential and not subject to disclosure pursuant to chapter 119, Florida Statutes., the Florida Constitution, or other authority ); or 2) exempt from disclosure under chapter 119, Florida Statutes, or other authority (Public Records Law), then the Respondent must simultaneously provide the Department with an unredacted version of the materials and a separate redacted copy of the materials.
The Respondent must briefly describe in writing the grounds for claiming exemption from disclosure under chapter 119, Florida Statutes, the Florida Constitution, or other authority, including the specific statutory citation for such exemption.
If providing both a redacted and unredacted version, the Respondent must mark the unredacted version as "Unredacted Version Contains Confidential Information and place such information in an encrypted electronic form or a sealed separate envelope.
The redacted copy will be used to fulfill public records and other disclosure requests and will be posted on the Florida Accountability Contract Tracking System (FACTS) website.
By submitting a Response, the Contractor agrees to protect, defend, and indemnify the Department for all claims arising from or relating to the Contractor's determination that the redacted portions of its Response are Confidential Information or otherwise not subject to disclosure.
If the Contractor fails to submit a redacted copy of its Response, the Department is authorized to produce the entire unredacted Response submitted to the Department to answer a public records request.
If the Contractor is submitting a redacted version of its Response, it must mark the redacted copy with the Respondent's name, the RFQ number, and the words "Redacted Copy. The redacted copy should only redact those portions of material for which the Respondent can legally support a claim that the information is Confidential Information or exempt from disclosure pursuant to Public Records Law.
An entire Response should not be redacted. An entire page or paragraph which contains Confidential Information or exempt material should not be redacted unless the entire page or paragraph is wholly Confidential Information or exempt from disclosure pursuant to Public Records Law.
In the redacted copy, the Contractor must redact and maintain in confidence any materials the Department provides or seeks regarding security of a proposed technology system or information subject to sections (phone number removed), 119.071(1)(f), and 119.071(3), Florida Statutes.
12. 1. Execution of Agreement: The Department reserves the right to award to another Contractor that submits a response to this RFQ if the Department and the selected Contractor are unable to agree on the terms of the resulting Agreement.
ATTACHMENT A PRICE PAGE
Web Applications Programmer
The table below is provided as an example and may be modified so long as at a minimum, it includes: the deliverable description, quantity (or frequency), and price, including the Unit Price and Total Price, is specified. The description must tie directly back to Section 9.
Contractor Responsibilities. The cost table is optional, however, any alternative format used must include at a minimum the criteria specified within the table.
INITIAL TERM PRICING
Year
Deliverable Description
Rate of Pay
(i.e., Hourly Rate/ Unit Rate/ Monthly/Fixed Price-Fee
Quantity (i.e., # of hours)
Total Price
Fiscal Year 24/25
See # 6.2
$
$
RENEWAL TERM PRICING [OPTIONAL]
If renewals are contemplated, the Price Page must include a table that addresses each renewal year of the Agreement. Please note: The resulting Agreement must include the total cost for each year of the Agreement, including renewal years, as proposed by the selected Contractor.
Year
Deliverable Description
Rate of Pay (i.e., Unit Rate/ Monthly/Fixed Price-Fee
Quantity
Total Price
Fiscal Year 25/26
See # 6.2
$
$
Fiscal Year 26/27
See # 6.2
$
$
If you have any questions, please email
Contract position: System Security Specialist Scope: N/A Job # 6840
PURPOSE
This scope of work is for consulting services to support the development, implementation and life-cycle management of new and existing enterprise technologies required to support the Florida Department of Health, Office of Information Technology, Security Administration Team.
Contractor will provide these services to the Department.
2. TERM
This scope of work will begin on 7/1/2024 or the date on with the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on 6/30/2027. The State of Florida's performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.
3. LOCATION OF WORK :
The worksite for this resulting Scope of Work is the following location(s):
4052 Bald Cypress Way Tallahassee, FL 32399
• Supervisor may approve remote work.
Florida Department of Health Office of Information Technology
4. CRIMINAL BACKGROUND SCREENING
The Department will conduct a criminal history record check, including fingerprinting, on the consultant assigned by the Contractor prior to the consultant commencing work for the Department. The Department retains sole discretion as to whether the results of the criminal
history record check will result in the Contractor's employee being disqualified from performing services pursuant to this agreement.
5CONTRACTOR QUALIFICATIONS AND EXPERIENCE:
Contractor staff assigned to this agreement must possess the following minimum qualifications and experience:
6 years of combined IT and security work experience with infrastructure/network and multi-platform environments including on-premises and cloud environments across IaaS, PaaS, SaaS, VM, bare metal, and other common IT platforms.
4 years of experience in operations and maintenance of endpoint-related security products (AV, EDR, XDR, drive encryption).
2 years of experience in operations and maintenance of Azure Active Directory security (events, incidents, login events, MFA).
2 years of experience in operations and maintenance of Office 365 Security and Compliance (one or all of Exchange online, SharePoint, Teams, OneDrive, Purview).
2 years of experience working in IT security identifying and assessing risks, developing risk management strategies, and implementing risk mitigation measures.
2 years of experience working in IT security operations in all stages of the Identify, Protect, Detect, Respond, and Recover lifecycle.
2 years of experience analyzing and investigating security alerts, events, and logs from various security tools and systems to determine the cause and extent of security breaches.
2 years of experience designing, implementing, and maintaining management systems to track progress of complex IT projects at an enterprise scale, to completion.
2 years of experience working with automated IT performance reporting (any tools).
2 years of experience applying outcomes of incident analysis, risk management, and performance reporting to enable Continual Service Improvement (CSI).
6. CONTRACTOR RESPONSIBILITIES:
SERVICE TASKS : Contractor will perform the following tasks in the time and manner specified, at the direction of the Department:
Technical Analyst for IT Security Continual Service Improvement:
Perform activities within the Plan, Do, Check, Act lifecycle related to the effectiveness of security controls, as directed by the Department.
Service Reviews: maintain inventories of services and infrastructure utilized by the Security Administration Team and review their applicability to accomplishing team goals, as directed by the Department.
Process Evaluations: in coordination with the IT risk management process, evaluate the effectiveness of services by identifying and analyzing metrics and benchmarks in the interest of the Security Administration Team, as directed by the Department.
Initiatives: define initiatives to improve services and processes based on reviews and evaluations, as directed by the Department.
Monitoring: track initiative effectiveness and assist in troubleshooting and refining changes to security operations, as directed by the Department.
Security Analyst for Security Administration Team:
Analyze large amounts of data to identify patterns and potential risks. Use data to make informed decisions and develop mitigation strategies, as directed by the Department.
Perform information security and privacy incident response, as directed by the Department.
Communicate complex technical information to technical and non- technical stakeholders while demonstrating strong written and verbal communication skills, as directed by the Department.
Provide technical expertise to users, management, vendors, and peers for issues involving other Department business offices and vendors, as directed by the Department.
Support and drive continuous service improvement efforts within the risk management process, as directed by the Department.
6. 1.3DATA SECURITY AND CONFIDENTIALITY TASK:
The Contractor, its employees, subcontractors, and agents must comply at all times with all Department data security procedures and policies in the performance of this scope of work as specified in the Data Security and Confidentiality document attached to the purchase order.
6. 2. DELIVERABLES:
Contractor will complete and submit the following deliverables to the Department in the time and manner specified:
1. 1.1. Monthly: Provision of System Security Specialist consulting services in the time and manner specified in Tasks 6.1.1 Through 6.1.2.
9. REQUIREMENTS FOR RFQ RESPONSE
Contractors must address each of the following in its response to this RFQ. Failure to provide all requested information may result in disqualification. The Department reserves the right to reject any response that does not properly address the above requirements, that fails to include the requested information, or that deviates from the requirements of this RFQ in any manner.
With ALL candidate submittals, attach a quote on official letterhead, include the following information: name, State of Florida contract number, address, candidate name, hourly rate, etc. This is required.
With ALL submittals, make sure EACH candidate resume has a skills matrix referencing their years of experience compared to the Required Experience section of the Scope of Work (SOW). This is required.
With ALL candidate submittals, make sure each candidate has completed a current Resume Certification form and the information is authentic and complete. The candidate must sign and both witnesses to the signature must sign the document to be valid.
This is required.
If submitting more than one candidate for the RFQ, combine all documents into separate submittals for each candidate- Submittals should include: quote for each candidate, candidate resume, corresponding skills matrix, and the resume certification form.
Attach documents in Ariba on Demand.
For additional information using the Vendor Information Portal, go to: htt ww. r a
/myfloridamarketplace/mfmp_vendors/training_for_vendors
10. DEPARTMENT'S POINT OF CONTACT
The sole point of contact for all communication regarding this RFQ is:
Florida Department of Health Attention: Natasha Small-Brown
Title: Government Operations Consultant I E-mail:
NOTE: ALL EMAILS TO THE POINT OF CONTACT MUST CONTAIN THE RFQ TITLE IN THE SUBJECT LINE OF THE EMAIL.
SUBMISSION OF RFQ RESPONSES
Responses to this RFQ must be submitted by the date and time specified in the Request for Quote Event in MyfloridaMarketPlace . The Department will ONLY accept electronic responses . It is the Contractor's responsibility to ensure their response is submitted timely.
The Department reserves the right to reject responses delivered after the submission deadline. The Contractor's response to this RFQ must be addressed with the subject line as "[ RFQ TITLE ] and delivered to the individual identified in Section 110 .
Department's Point of Contact. [If accepting electronic responses, please include the following: All required documentation must be included as an attachment to the email. ]
Confidential Response Designation and Redaction Requirements: If the Contractor considers any portion of its Response to be: 1) Confidential Information (which is defined as "confidential and not subject to disclosure pursuant to chapter 119, Florida Statutes., the Florida Constitution, or other authority ); or 2) exempt from disclosure under chapter 119, Florida Statutes, or other authority (Public Records Law), then the Respondent must simultaneously provide the Department with an unredacted version of the materials and a separate redacted copy of the materials.
The Respondent must briefly describe in writing the grounds for claiming exemption from disclosure under chapter 119, Florida Statutes, the Florida Constitution, or other authority, including the specific statutory citation for such exemption.
If providing both a redacted and unredacted version, the Respondent must mark the unredacted version as "Unredacted Version Contains Confidential Information and place such information in an encrypted electronic form or a sealed separate envelope.
The redacted copy will be used to fulfill public records and other disclosure requests and will be posted on the Florida Accountability Contract Tracking System (FACTS) website.
By submitting a Response, the Contractor agrees to protect, defend, and indemnify the Department for all claims arising from or relating to the Contractor's determination that the redacted portions of its Response are Confidential Information or otherwise not subject to disclosure.
If the Contractor fails to submit a redacted copy of its Response, the Department is authorized to produce the entire unredacted Response submitted to the Department to answer a public records request.
If the Contractor is submitting a redacted version of its Response, it must mark the redacted copy with the Respondent's name, the RFQ number, and the words "Redacted Copy. The redacted copy should only redact those portions of material for which the Respondent can legally support a claim that the information is Confidential Information or exempt from disclosure pursuant to Public Records Law.
An entire Response should not be redacted. An entire page or paragraph which contains Confidential Information or exempt material should not be redacted unless the entire page or paragraph is wholly Confidential Information or exempt from disclosure pursuant to Public Records Law.
In the redacted copy, the Contractor must redact and maintain in confidence any materials the Department provides or seeks regarding security of a proposed technology system or information subject to sections (phone number removed), 119.071(1)(f), and 119.071(3), Florida Statutes.
12. 1. Execution of Agreement: The Department reserves the right to award to another Contractor that submits a response to this RFQ if the Department and the selected Contractor are unable to agree on the terms of the resulting Agreement.
This Request for Quote is being issued under (phone number removed)-STC-ITSA
Contract position: System Security Specialist Scope: N/A Job # 6840
PURPOSE
This scope of work is for consulting services to support the development, implementation and life-cycle management of new and existing enterprise technologies required to support the Florida Department of Health, Office of Information Technology, Security Administration Team.
Contractor will provide these services to the Department.
2. TERM
This scope of work will begin on 7/1/2024 or the date on with the purchase order is issued, whichever is later. It will end at midnight, Eastern Time on 6/30/2027. The State of Florida's performance and obligation to pay under this purchase order and any subsequent renewal is contingent upon annual appropriation by the Legislature and satisfactory performance of the Contractor.
3. LOCATION OF WORK :
The worksite for this resulting Scope of Work is the following location(s):
4052 Bald Cypress Way Tallahassee, FL 32399
• Supervisor may approve remote work.
Florida Department of Health Office of Information Technology
4. CRIMINAL BACKGROUND SCREENING
The Department will conduct a criminal history record check, including fingerprinting, on the consultant assigned by the Contractor prior to the consultant commencing work for the Department. The Department retains sole discretion as to whether the results of the criminal
history record check will result in the Contractor's employee being disqualified from performing services pursuant to this agreement.
5CONTRACTOR QUALIFICATIONS AND EXPERIENCE:
Contractor staff assigned to this agreement must possess the following minimum qualifications and experience:
6 years of combined IT and security work experience with infrastructure/network and multi-platform environments including on-premises and cloud environments across IaaS, PaaS, SaaS, VM, bare metal, and other common IT platforms.
4 years of experience in operations and maintenance of endpoint-related security products (AV, EDR, XDR, drive encryption).
2 years of experience in operations and maintenance of Azure Active Directory security (events, incidents, login events, MFA).
2 years of experience in operations and maintenance of Office 365 Security and Compliance (one or all of Exchange online, SharePoint, Teams, OneDrive, Purview).
2 years of experience working in IT security identifying and assessing risks, developing risk management strategies, and implementing risk mitigation measures.
2 years of experience working in IT security operations in all stages of the Identify, Protect, Detect, Respond, and Recover lifecycle.
2 years of experience analyzing and investigating security alerts, events, and logs from various security tools and systems to determine the cause and extent of security breaches.
2 years of experience designing, implementing, and maintaining management systems to track progress of complex IT projects at an enterprise scale, to completion.
2 years of experience working with automated IT performance reporting (any tools).
2 years of experience applying outcomes of incident analysis, risk management, and performance reporting to enable Continual Service Improvement (CSI).
6. CONTRACTOR RESPONSIBILITIES:
SERVICE TASKS : Contractor will perform the following tasks in the time and manner specified, at the direction of the Department:
Technical Analyst for IT Security Continual Service Improvement:
Perform activities within the Plan, Do, Check, Act lifecycle related to the effectiveness of security controls, as directed by the Department.
Service Reviews: maintain inventories of services and infrastructure utilized by the Security Administration Team and review their applicability to accomplishing team goals, as directed by the Department.
Process Evaluations: in coordination with the IT risk management process, evaluate the effectiveness of services by identifying and analyzing metrics and benchmarks in the interest of the Security Administration Team, as directed by the Department.
Initiatives: define initiatives to improve services and processes based on reviews and evaluations, as directed by the Department.
Monitoring: track initiative effectiveness and assist in troubleshooting and refining changes to security operations, as directed by the Department.
Security Analyst for Security Administration Team:
Analyze large amounts of data to identify patterns and potential risks. Use data to make informed decisions and develop mitigation strategies, as directed by the Department.
Perform information security and privacy incident response, as directed by the Department.
Communicate complex technical information to technical and non- technical stakeholders while demonstrating strong written and verbal communication skills, as directed by the Department.
Provide technical expertise to users, management, vendors, and peers for issues involving other Department business offices and vendors, as directed by the Department.
Support and drive continuous service improvement efforts within the risk management process, as directed by the Department.
6. 1.3DATA SECURITY AND CONFIDENTIALITY TASK:
The Contractor, its employees, subcontractors, and agents must comply at all times with all Department data security procedures and policies in the performance of this scope of work as specified in the Data Security and Confidentiality document attached to the purchase order.
6. 2. DELIVERABLES:
Contractor will complete and submit the following deliverables to the Department in the time and manner specified:
1. 1.1. Monthly: Provision of System Security Specialist consulting services in the time and manner specified in Tasks 6.1.1 Through 6.1.2.
9. REQUIREMENTS FOR RFQ RESPONSE
Contractors must address each of the following in its response to this RFQ. Failure to provide all requested information may result in disqualification. The Department reserves the right to reject any response that does not properly address the above requirements, that fails to include the requested information, or that deviates from the requirements of this RFQ in any manner.
With ALL candidate submittals, attach a quote on official letterhead, include the following information: name, State of Florida contract number, address, candidate name, hourly rate, etc. This is required.
With ALL submittals, make sure EACH candidate resume has a skills matrix referencing their years of experience compared to the Required Experience section of the Scope of Work (SOW). This is required.
With ALL candidate submittals, make sure each candidate has completed a current Resume Certification form and the information is authentic and complete. The candidate must sign and both witnesses to the signature must sign the document to be valid.
This is required.
If submitting more than one candidate for the RFQ, combine all documents into separate submittals for each candidate- Submittals should include: quote for each candidate, candidate resume, corresponding skills matrix, and the resume certification form.
Attach documents in Ariba on Demand.
For additional information using the Vendor Information Portal, go to: htt ww. r a
/myfloridamarketplace/mfmp_vendors/training_for_vendors
10. DEPARTMENT'S POINT OF CONTACT
The sole point of contact for all communication regarding this RFQ is:
Florida Department of Health Attention: Natasha Small-Brown
Title: Government Operations Consultant I E-mail:
NOTE: ALL EMAILS TO THE POINT OF CONTACT MUST CONTAIN THE RFQ TITLE IN THE SUBJECT LINE OF THE EMAIL.
SUBMISSION OF RFQ RESPONSES
Responses to this RFQ must be submitted by the date and time specified in the Request for Quote Event in MyfloridaMarketPlace . The Department will ONLY accept electronic responses . It is the Contractor's responsibility to ensure their response is submitted timely.
The Department reserves the right to reject responses delivered after the submission deadline. The Contractor's response to this RFQ must be addressed with the subject line as "[ RFQ TITLE ] and delivered to the individual identified in Section 110 .
Department's Point of Contact. [If accepting electronic responses, please include the following: All required documentation must be included as an attachment to the email. ]
Confidential Response Designation and Redaction Requirements: If the Contractor considers any portion of its Response to be: 1) Confidential Information (which is defined as "confidential and not subject to disclosure pursuant to chapter 119, Florida Statutes., the Florida Constitution, or other authority ); or 2) exempt from disclosure under chapter 119, Florida Statutes, or other authority (Public Records Law), then the Respondent must simultaneously provide the Department with an unredacted version of the materials and a separate redacted copy of the materials.
The Respondent must briefly describe in writing the grounds for claiming exemption from disclosure under chapter 119, Florida Statutes, the Florida Constitution, or other authority, including the specific statutory citation for such exemption.
If providing both a redacted and unredacted version, the Respondent must mark the unredacted version as "Unredacted Version Contains Confidential Information and place such information in an encrypted electronic form or a sealed separate envelope.
The redacted copy will be used to fulfill public records and other disclosure requests and will be posted on the Florida Accountability Contract Tracking System (FACTS) website.
By submitting a Response, the Contractor agrees to protect, defend, and indemnify the Department for all claims arising from or relating to the Contractor's determination that the redacted portions of its Response are Confidential Information or otherwise not subject to disclosure.
If the Contractor fails to submit a redacted copy of its Response, the Department is authorized to produce the entire unredacted Response submitted to the Department to answer a public records request.
If the Contractor is submitting a redacted version of its Response, it must mark the redacted copy with the Respondent's name, the RFQ number, and the words "Redacted Copy. The redacted copy should only redact those portions of material for which the Respondent can legally support a claim that the information is Confidential Information or exempt from disclosure pursuant to Public Records Law.
An entire Response should not be redacted. An entire page or paragraph which contains Confidential Information or exempt material should not be redacted unless the entire page or paragraph is wholly Confidential Information or exempt from disclosure pursuant to Public Records Law.
In the redacted copy, the Contractor must redact and maintain in confidence any materials the Department provides or seeks regarding security of a proposed technology system or information subject to sections (phone number removed), 119.071(1)(f), and 119.071(3), Florida Statutes.
12. 1. Execution of Agreement: The Department reserves the right to award to another Contractor that submits a response to this RFQ if the Department and the selected Contractor are unable to agree on the terms of the resulting Agreement.
ATTACHMENT A PRICE PAGE
Web Applications Programmer
The table below is provided as an example and may be modified so long as at a minimum, it includes: the deliverable description, quantity (or frequency), and price, including the Unit Price and Total Price, is specified. The description must tie directly back to Section 9.
Contractor Responsibilities. The cost table is optional, however, any alternative format used must include at a minimum the criteria specified within the table.
INITIAL TERM PRICING
Year
Deliverable Description
Rate of Pay
(i.e., Hourly Rate/ Unit Rate/ Monthly/Fixed Price-Fee
Quantity (i.e., # of hours)
Total Price
Fiscal Year 24/25
See # 6.2
$
$
RENEWAL TERM PRICING [OPTIONAL]
If renewals are contemplated, the Price Page must include a table that addresses each renewal year of the Agreement. Please note: The resulting Agreement must include the total cost for each year of the Agreement, including renewal years, as proposed by the selected Contractor.
Year
Deliverable Description
Rate of Pay (i.e., Unit Rate/ Monthly/Fixed Price-Fee
Quantity
Total Price
Fiscal Year 25/26
See # 6.2
$
$
Fiscal Year 26/27
See # 6.2
$
$
If you have any questions, please email
Don’t miss out on new job openings!
Create a job alert for: Risk Manager, Tallahassee
It's free, and you can cancel email updates at any time