Security and Vulnerability Assessment

To strengthen its security posture, Al Majmoua requires a comprehensive Organizational Security and Vulnerability Assessment, beyond penetration testing, that covers people, processes, and technology.

Consultancy Objectives

The goal of this assessment is to:

- Identify risks and vulnerabilities across the organization.

- Assess the maturity of IT governance, security policies, and practices.

- Review infrastructure, applications, and data protection controls.

- Evaluate compliance with international security standards (ISO 27001, NIST CSF, GDPR-style data privacy) and key Lebanese financial sector regulations, including but not limited to Banque du Liban (BDL) Circulars, particularly BDL Basic Circular No. 144 on cybercrime prevention.

- Provide a roadmap for improving organizational cybersecurity posture that aligns with future regulatory requirements as Al Majmoua transitions into a financial institution by end of December 2026.

Scope of work

The assessment should cover:

a. Technical Security

- Network architecture review (cloud + on-prem).

- Vulnerability scanning of infrastructure and applications.

- Azure security configurations (IAM, firewalls, DDoS protection, backup policies).

- Endpoint security and antivirus solutions.

- Data protection and encryption practices.

b. Governance & Policies

- Review of organizational IT security policies and procedures.

- Incident response and disaster recovery capabilities.

- BYOD and mobile device policies.

- Vendor/third-party risk management.

c. Organizational Awareness

- Staff awareness on cybersecurity best practices.

- Phishing/social engineering vulnerability testing.

- Training needs assessment for IT/security staff.

d. Compliance Review

- Alignment with microfinance security standards.

- Regulatory compliance with the Central Bank of Lebanon (BDL) regulatory framework for financial institutions, including a specific focus on requirements stipulated in BDL Basic Circular No. 144 (Cybercrime Prevention) and BDL Basic Circular No. 83 (AML/CFT).

- Data privacy and client information protection with consideration for the Lebanese Banking Secrecy Law and its amendments.

Deliverables

The Expert company will be responsible for the following deliverables:

  1. Initial Assessment Report (baseline findings)
  2. Comprehensive Final Report including:

   - Executive Summary.

   - Vulnerability and risk analysis.

   - Security maturity assessment (using a framework such as NIST CSF).

   - Recommendations for technical, organizational, and policy improvements.

   - 3-Year Security Roadmap (short-, medium-, and long-term actions).

  3. Presentation for Al Majmoua’s IT team

Confidentiality

All findings and data must remain confidential. A Non-Disclosure Agreement (NDA) will be signed before the engagement.

Duration of the Assignment

The assessment should be completed within 3–4 weeks.

The assignment is expected to start mid-February 2026 and end in April 2026.

Qualifications and Experience

- Demonstrated experience in enterprise-wide security assessments.
- Certified expertise (CISA, CISM, CISSP, ISO 27001 Lead Auditor).
- Experience with Microsoft Azure environments.
- Proven track record with NGOs or financial institutions.
- Demonstrated understanding of the Lebanese central bank’s IT security requirements pertaining to Financial Institutions.

Call Type
Call for Consultancies
Remuneration Range
3000 to 4000 (USD)
Intervention Sectors
Science & Technology
Duration of Contract
3 Months
How to Apply

Interested candidates should submit the following:

  • Organizational profile and relevant certifications.
  • Proposed approach and methodology.
  • Work plan with timelines.
  • Financial proposal.
  • References from at least 3 organizations of similar scope.
  • A brief cover letter explaining their interest and qualifications for the role.
  • References from previous clients.
  • Registration Fiscal number.

A financial proposal using the table below, along with the suggested split of payments:

| No. | Description | Rate in USD |
|-----|-------------|-------------|
| 1 | Consultancy fees | |
| | Noting that: If the consultant does not have a fiscal number, Al Majmoua will deduct a consultancy tax of 8.5% from the consultancy fees. | |
| | Total | |

Please fill in the table, taking into consideration all points related to the application process, and send your offer back to us by COB Friday the 6th of February 2025 by mail to procurement@almajmoua

You can address requests for clarification to the following email address, procurement@almajmoua.org, until the 30th of January 2026.

Deadline
Countries
Lebanon