Tenders are invited for Security and Vulnerability Assessment To strengthen its security posture, Al Majmoua requires a comprehensive Organizational Security and Vulnerability Assessment, beyond penetration testing, that covers people, processes, and technology. Consultancy Objectives The goal of this assessment is to: - Identify risks and vulnerabilities across the organization. - Assess the maturity of IT governance, security policies, and practices. - Review infrastructure, applications, and data protection controls. - Evaluate compliance with international security standards (ISO 27001, NIST CSF, GDPR-style data privacy). and key Lebanese financial sector regulations, including but not limited to Banque du Liban (BDL) Circulars, particularly BDL Basic Circular No. 144 on cybercrime prevention. - Provide a roadmap for improving organizational cybersecurity posture that aligns with future regulatory requirements as Al Majmoua transitions into a financial institution by end of December 2026. Scope of work The assessment should cover: a. Technical Security - Network architecture review (cloud + on-prem). - Vulnerability scanning of infrastructure and applications. - Azure security configurations (IAM, firewalls, DDoS protection, backup policies). - Endpoint security and antivirus solutions. - Data protection and encryption practices. b. Governance & Policies - Review of organizational IT security policies and procedures. - Incident response and disaster recovery capabilities. - BYOD and mobile device policies. - Vendor/third-party risk management. c. Organizational Awareness - Staff awareness on cybersecurity best practices. - Phishing/social engineering vulnerability testing. - Training needs assessment for IT/security staff. d. Compliance Review - Alignment with microfinance security standards. - Regulatory compliance with the Central Bank of Lebanon (BDL) regulatory framework for financial institutions, including a specific focus on requirements stipulated in BDL Basic Circular No. 144 (Cybercrime Prevention) and BDL Basic Circular No. 83 (AML/CFT). - Data privacy and client information protection with consideration for the Lebanese Banking Secrecy Law and its amendments. Deliverables The Expert company will be responsible for the following deliverables : Initial Assessment Report (baseline findings) Comprehensive Final Report including: - Executive Summary. - Vulnerability and risk analysis. - Security maturity assessment (using a framework such as NIST CSF). - Recommendations for technical, organizational, and policy improvements. - 3-Year Security Roadmap (short-, medium-, and long-term actions). Presentation for Al Majmouas IT team Confidentiality All findings and data must remain confidential. A Non-Disclosure Agreement (NDA) will be signed before the engagement. Duration of the Assignment The assessment should be completed within 34 weeks. The assignment is expected to start mid-February 2026 and end in April 2026. Qualifications and Experience - Demonstrated experience in enterprise-wide security assessments. - Certified expertise (CISA, CISM, CISSP, ISO 27001 Lead Auditor). - Experience with Microsoft Azure environments. - Proven track record with NGOs or financial institutions. - Demonstrated understanding of the Lebanese central banks IT security requirements pertaining to Financial Institutions. How to apply Interested candidates should submit the following: Organizational profile and relevant certifications. Proposed approach and methodology. Work plan with timelines. Financial proposal. References from at least 3 organizations of similar scope. A brief cover letter explaining their interest and qualifications for the role. References from previous clients. Registration Fiscal number. A financial proposal using the table below along with the suggested split of payments No. Description Rate in USD 1 Consultancy fees Noting that: If the consultant does not have a fiscal number, Al Majmoua will deduct the consultancy tax for a percentage of 8.5% from the consultancy fees. Total Please fill the table taking into consideration all points related to the application process and send your offer back to us by COB Friday the 6th of February 2025 by mail to procurement@almajmoua You can address questions for clarifications at the following email address
[email protected] until the 30th of January 2026 Tender Link : https://www.daleel-madani.org/calls-for-proposal
