African Union Commission

REQUEST FOR EXPRESSIONS OF INTEREST (INDIVIDUAL CONSULTANT SELECTION)
Country: Ethiopia
Name of Project: Digital Transformation for Africa/ Western Africa Regional Digital Integration
Program SOP -1
Grant No: P180117
Assignment Title: Consultancy Services for the Development of National Cybersecurity strategy Toolkit
for the African Union Member States – WARDIP PROJECT
Reference No. ET-AUC-502728-CS-INDV
The African Union Commission has received financing from the World Bank toward the cost of
DIGITAL TRANSFORMATION FOR AFRICA/ WESTERN AFRICA REGIONAL DIGITAL
INTEGRATION PROGRAM (DTFA/ WARDIP) SOP-1.and intends to apply part of the proceeds for
consulting services
The consulting services (“the Services”) include Selection of Individual Consultant for the Development
of National Cybersecurity strategy Toolkit for the African Union Member States – WARDIP PROJECT
The key objective of the assignment is to develop a toolkit for the purpose of guiding AU MS on the
development of their national cybersecurity strategies to ensure strengthened cybersecurity governance
frameworks and harmonization with the AU Continental AI Strategy among others.
The consultant is expected to perform the following activities:
 Develop inception report,
 Perform desk work assessment of African countries cybersecurity strategy readiness using
methodologies such as surveys, desk review of national strategies and interviews.
 Define readiness with measurable criteria
 Review the continental cybersecurity strategy which will constitute the building blocks for the
toolkit,
 Conduct needs assessment of countries relating to cybersecurity strategies and collect national and
regional (AU) cybersecurity related frameworks/ blueprints as basis for the toolkit development,
 Review existing work by RECs and AUC pertaining to regional cybersecurity strategies/
blueprints and identify areas for updating and improvements to draw inferences from lessons
learned of what worked on the ground and what did not work considering the African context,
 Identify practical priority areas in the short, medium and long term. These areas must respond to
African users’ needs,
 Draft a comprehensive toolkit for national cybersecurity strategies to be used by African member
states,
 The toolkit should include incident response frameworks, cyber risk assessments, and national-
level SOC guidance. The toolkit should also include pillars aligned with global standards such as
Governance and Legal, Protection of Critical Infrastructure, Incident response & resilience,
capacity & awareness, cooperation & PPP
 The toolkit should contain a Cybersecurity Resilience Framework with incident response
playbooks for AU Member States and a mapping table aligning international frameworks with the
AU context.

 The toolkit should outline a collaboration framework for public-private partnerships, which are
critical for cybersecurity capability building thus ensuring stronger integration with public-private
partnerships and encouraging collaboration with tech firms, ISPs, and financial sectors,
 Organize a validation workshop on the developed (toolkit) involving African technical experts
and policy stakeholders.
 Finalize the documents following experts’ feedback and recommendations,
 Develop a user manual, training, awareness raising and best practices materials to support the
implementation and dissemination of the toolkit. The user manual/ training material should
incorporate Key Performance Indicators (KPIs) for measuring cybersecurity progress.
EXPECTED DELIVERABLES
. The project deliverables and work products shall be as follows:

Deliverables Deliverables after signing of

contract
Development of national cybersecurity strategy toolkit for AU MS
1. Inception report 1 month
2. Needs assessment, case collection developed, and
baseline data compiled
(including mapping of existing policies,
institutions, CSIRTS and legal frameworks per
country)

2 months

3. Toolkit for national cybersecurity strategies
drafted (including model templates and
checklists-Strategy structure, action plan, KPI
table, etc)

3 months

4. A comprehensive toolkit for national
cybersecurity strategies developed in Africa in
both English and French languages

4 months

5. Best practices, user manual, training materials and
awareness raising content developed to support
the implementation and dissemination of the
toolkit

5 Months

Duration of Assignment: The duration of the assignment is 5 Months
The detailed Terms of Reference (TOR) for the assignment are attached to this Request for Expression of
Interest.
The African Union Commission now invites eligible individuals (“Consultants”) to indicate their interest
in providing the Services. Interested Consultants should provide information demonstrating that they
have the required qualifications and relevant experience to perform the Services. The requirement for the
assignment is described below
A. Academic and education background
Advanced University Degree in the following fields:

 Telecommunications/ICT/Compute Science/ Computer Engineering
 Business management and/or Law
 Database/Software Applications Management
Minimum Diploma/ Certification in Digital Policy/ Strategy formulation/CISSP/CISM/ISO 27001 Lead
Implementer/Auditor or equivalent is an added advantage
B. Professional Experience
 At least 10 years of practical experience and proven expertise in successfully undertaking similar
projects and assignments in the development of national/regional cybersecurity blueprint/ toolkit
along with its action plan / tactical roadmap at national and regional levels with preference of a
prior extensive knowledge of the African landscape.
 At least 5 years of experience in the African region regarding the African cybersecurity strategies
landscape trends, principles, challenges, priorities and indicators,
 Knowledge of national cyber readiness indicators within the African continent.
C. Knowledge and Expertise
 Experience in integrating, demonstrating and processing relevant data/content visually and
graphically,
 Demonstrated ability to acquire and access up-to-date relevant data to support the assignment,
 Proven abilities to demonstrate similar prior assignments conducted by the consultant,
 Broad knowledge of cybersecurity prospects in Africa including regional and national budget
needs, policy, Interoperability options and regulatory regimes,
 Knowledge of cybersecurity global trends on a 360-eagle view, cyber maturity models (ITU GCI,
CMM, SCMM) and familiarity with AU Cybersecurity and Data Protection Frameworks
D. Project management, Business and organizational Skills
 The consultancy should possess relevant practical experience and proven expertise in successfully
undertaking cybersecurity strategy projects’ management at national and regional levels,
 Proven timely project delivery at national and regional levels.
E. Stakeholder Engagement
 Excellent communication and negotiation skills to engage with a diverse range of stakeholders,
 Ability to build and maintain relationships with governmental bodies, industry partners, pertinent
regional institutions and civil society.

F. Global Perspective:
 Awareness of international developments and trends in cybersecurity and cyber-resilience areas,
 Ability to apply global best practices to the local context.
G. Problem-Solving Skills:
 Analytical mindset to identify and solve complex challenges,
 Excellent report writing skills in English, ability to produce concise reports,

 Excellent interpersonal, presentation and communication skills, both orally and in writing,
 Proficiency in the use of standard office software packages, email and internet.
H. Collaboration and Teamwork:
 Ability to work collaboratively within teams and across AU / WB departments
I. Language Skills:
 Advanced level English or French is required and Proficiency in other official languages of the
AU in both spoken and written communication will be considered an added advantage
Evaluation Criteria
The Candidates shall be evaluated based on the criteria provided below;
Evaluation Criteria
1. Qualifications (30%): The required qualifications indicated in the ToR
2. General experience (10%). The general experience indicated in the ToR.
3. Specific Experience relevant to the assignment (50%): The Specific Experience
relevant to the assignment indicated in the ToR.
4. Language (10%): The language skills required is specified in the TOR

.
The attention of interested Consultants is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the
World Bank’s “Procurement Regulations for IPF Borrowers” July 2016, revised November 2020
(“Procurement Regulations”), setting forth the World Bank’s policy on conflict of interest. A Consultant
will be selected in accordance with the Individual Consultant selection method set out in the Procurement
Regulations. Further information can be obtained at the address below during office hours i.e. 0900 to 1700 hours.
Expressions of interest must be delivered in a written form to the address below (in person, or by mail, or
by e-mail) by 29 December 2025
African Union Commission,
Attn: Head of Supply Chain Management Division
Building C, 3 rd Floor,
P.O Box 3243, Roosevelt Street
Addis Ababa, Ethiopia
Tel: +251 (0) 11 551 7700 – Ext 4305
Fax: +251 (0) 11 551 0442; +251 11-551-0430
E-mails: [email protected]