will be discussed
Cyber Security Expert


1. Background

Rwanda has distinguished itself as a country that is deeply committed to leveraging digital transformation as a means to accelerate growth and reduce poverty. Government is committed to using digitally enabled solutions, wherever possible, to leapfrog traditional approaches and support innovation in service delivery. Beginning as early as 2000, Rwanda began charting an ambitious course for achieving rapid digitization, through a series of five-year plans – culminating in the SMART Rwanda Master Plan. These policies have resulted in the progressive roll-out of digital infrastructure, impressive public e-services expansion (though from a very low base), as well as initiatives to support digital skills and to position Rwanda as a regional ICT hub, underpinned by government institutions and leadership committed to this agenda. Today, Rwanda continues to articulate ambitious strategies in relation to many of these areas.

The Government of Rwanda (GoR) is set to receive funding from the World Bank (WB) to accelerate country-wide digital transformation, as well as facilitate Rwanda’s integration in the emerging regional digital market. The proposed “Rwanda Digital Acceleration Project” project (henceforth referred to as the ‘the project’) will expand digital adoption, bringing more Rwandans online by addressing the major barriers that dampen demand for digital services and spearheading a series of interventions that promote digital inclusion. The project will also enable Rwanda to leverage critical enabling digital platforms and data-driven solutions to improve the efficiency of public service delivery and expand the adoption of digitally enabled services. Finally, the project will also increase Rwanda’s capacity to support digital innovation and productivity gains, by strengthening the local digital innovation and entrepreneurship ecosystem, supporting tech firms to move from start-ups to growth, and adopting digital technology in key sectors.

The Project will be coordinated through the Ministry of ICT and Innovation (MINICT), with Rwanda Information Society Authority (RISA) as the Project implementing institution. A dedicated Single Project Implementation Unit (SPIU) is thus being set up and operationalized at RISA that will have overall responsibility for supporting project preparation and implementation.

RISA seeks to hire a series of high-performing and qualified experts to fill the positions of the SPIU, who will drive the successful and effective preparation and delivery of this project. The job profiles, roles, and responsibilities, and reporting requirements of the said consultants are indicated below.

2. Summary of Needed Experts

 Experts hired will be under the supervision of the Chief Executive Officer (CEO) of RISA. The consultants will work in close collaboration with the Management and Staff of RISA and MINICT, as well as many other key project stakeholders throughout the project cycle – from identification through to implementation – supporting planning, contracting, oversight, monitoring and evaluation (M&E) and project reporting on progress.

Given the coordination role played by RISA on the digital agenda in Rwanda and the coordination role that the SPIU will play in a relation to the project, all successful candidates will need to possess strong stakeholder engagement and communication skills.

To be successful, experts will also need to possess strong technical expertise in their respective fields and excellent project management skills, including a track record of managing large and complex donor-funded projects.

Below are detailed job roles and required qualifications for the different experts which the SPIU currently plans to hire as part of its initial set-up.

3. Job Profiles and Description 

Job Profiles for the Rwanda Digital Acceleration Project


Job title

Job profile (Needed Qualifications, Skills and Experience)

Duties and Responsibilities

Number of Positions


Cyber Security Expert


Selection Criteria:

Bachelor’s Degree in Computer Science, Computer / Software Engineering, Information, and Communication Technology (ICT), Information Systems or equivalent, with a minimum 8 years of relevant work experience; or

Master’s Degree (preferred) in Computer Science, Computer / Software Engineering, ICT, Information Systems, or equivalent, with a minimum of 7 years of relevant work experience.

Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), SANS GIAC, SSCP, GISF, CEH, OSCP, CISM, CCNA Security, CCNA CyberOps, etc;

Possession of Prince2 or PMP certification is an added advantage

Technical competencies:

  • Advanced level knowledge of cyber intelligence fundamentals and key security concepts; vulnerability assessment and penetration testing, IDS/IPS, security operations, network monitoring, incident response, email security, security analytics, and deployment or management of security tools such as SIEM, NAC, DAM, WAF, NGFW, UTM, etc.
  • security and risk management, asset security, security engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security, including experience with the requirements of Risk Management Framework (RMF) requirements
  • Ability to assess risks in line with information security objectives and risk tolerance of the institution.
  • Proven conceptual, analytical, and evaluation skills;

Professional experience in information security threat and intrusion analysis; Good technical knowledge and understanding of endpoint and network security threats and mitigation techniques; Proven ability to analyze threats and engineer mitigating controls, preventive or detective, leveraging all available tools and resources;

Experience with global standards and directives

  • Knowledge of methods and technologies for encrypting data in transit and at rest, encryption key management/rotation, Geolocation filtering, GDPR controls
  • Experience with DR/BC planning and testing
  • Blockchain experience is an added advantage.

General Competencies (management, leadership, communication, problem-solving, monitoring, coordination, stakeholder management, etc.)

  • Ability to work effectively across multiple cross-functional teams to proactively resolve problems, support and engage key stakeholders; as well as work effectively across boundaries even without active guidance from the management;
  • Demonstrate excellent interpersonal skills; including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers;
  • Demonstrated ability to listen and integrate ideas from diverse views, create partnerships and collaborate with others, advocate and influence, resolve conflicts constructively,
  • Proven ability to conduct research independently and present results effectively;
  • Impeccable planning, organization, and time management skill; Ability to work well under pressure and to meet tight deadlines;
  • Demonstrates a high level of motivation, confidence, integrity, and responsibility;
  • Strong problem-solving skills with the ability to provide solutions to emerging challenges;
  • Experience leading change, taking initiative, and driving results;
  • Computer literacy including Microsoft packages;
  • Excellent communication skills – both written and verbal, including the capacity to communicate complex and technical issues in simple terms;
  • Proven ability to clearly and concisely prepare, present, and discuss recommendations at senior levels and to produce deliverables such as memoranda, recommendations, requirements documents, and status reports;
  • Fluency in English is essential;

Should demonstrate a high degree of professionalism and integrity.

  1. Lead Cybersecurity and information security implementation under the project, support the design and effective implementation of cybersecurity-related activities;
  1. Actively monitor and assess new and emerging threats posing risk to the ecosystem and its information assets. Recommend tactical and strategic ways to eliminate or mitigate these risks under the implementation plan of the project;
  2. Ensure best practices in Cybersecurity are followed in the design and implementation of the project;
  3. Interface effectively with ecosystem partners, to provide security oversight and guidance for cybersecurity standards and protocols.
  4. Using best practice project management tools, follow a Cybersecurity Program project management and implementation plan with timelines, roles, and accountabilities
  5. Working as a team with the procurement specialist, coordinate the procurement process for the Cybersecurity goods and services to be financed under the project, including writing substantive sections of Terms of Reference, writing technical and functional specifications, integrating comments from stakeholders and decision-makers, launching tenders according to the procurement plan, coordinating the evaluation committees and bringing contracts to signature while following World Bank procurement rules.
  6. Supervise the implementation of Cybersecurity contracts under the project, including monitoring and guiding quality and efficiency of vendor work, providing comments on vendor deliverables, coordinating reviews from stakeholders of deliverables, and bringing contracts to successful closure with the delivery of goods and services on budget and on time.
  7. Keep stakeholders fully abreast of developments, implementation and results
  8. Maintain a Cybersecurity component monitoring and evaluation table with output, outcome, and impact indicators associated with the project implementation activities. Update the table for each World Bank supervision mission and as needed in the interim.
  9. Produce well-written reports on the implementation progress of the Cybersecurity program as required by NIMC, OVP, World Bank, or other stakeholders. Such reports will be required at a minimum prior to each World Bank supervision mission.
  10. Maintain cordial and productive working relationships with counterparts, focal points, and stakeholders in the national identification ecosystem


  1. The Cybersecurity Expert will report to the SPIU Coordinator


  • Support procurement and delivery of PPA activities linked to digital _(Within the first three months of contract signature)

Progress report (monthly)


  1. Duty Station

The experts will be stationed at the RISA-SPIU office in Kigali. Ad hoc home-based work may be permitted, in the context of Covid-19 but will be based on wider Government policy on this matter.

  1. Appointment – duration

The appointment will be on a contract basis of 1 Year renewable based on need, performance, and funds availability.

  1. Appointment – type

If not otherwise stated, contracting is expected to be full time.

  1. Equipment and services

The project will provide a furnished and equipped office with a computer and accessories, internet service in the office, and airtime for mobile telephone.


Application Guidelines:

Interested experts should apply online (recruitment@risa.rw) and upload application documents including Application letter, Curriculum Vitae, Identification card, copies of degree certificates, and professional certificates.

Only online applications shall be consideredand the folder containing application documents MUST be saved under the name of the job position applied for.

For any inquiries/clarification use the above email.

Address all applications to the Chief Financial Officer of the Rwanda Information Society Authority.

Deadline for application: Friday, December 11th, 2020.