Cybersecurity Enabling Environmental Lead Consultant

ВАКАНСІЯ: Cybersecurity Enabling Environmental Lead Consultant for U.S. Cybersecurity for Critical Infrastructure in Ukraine (CCI) Activity

Level Of Effort Based — 3−6 Months (52−104 days)

BACKGROUND:

The U.S. Cybersecurity for Critical Infrastructure in Ukraine (CCI) Activity began in May 2020. The purpose of the CCI Activity is to reduce, and ultimately eliminate, cybersecurity vulnerabilities in Ukraine’s critical infrastructure sectors. In the same way that cyberattacks drove Estonia to innovate cybersecurity practices, systems, and entrepreneurship as the backbone of its digital transformation.

The CCI Activity continues to improve the cyber-resilience of Ukraine and its critical infrastructure sectors through three interlinked, mutually reinforcing objective areas that address legal, policy, institutional, workforce, and market gaps to strengthen long-term national resilience.

Building on progress achieved from 2020 to 2026, and under the Department of State, the Activity will continue implementation of these objectives while aligning them with U.S. foreign-policy priorities for trusted technology, supply-chain security, and transatlantic digital integration.

Objective 1: Create a safe, trusted environment to accelerate the development of people, processes, and technology to support cybersecurity across CI sectors and assets in Ukraine.

Objective 2: Strengthen Ukraine as a sovereign nation built on a secure, protected, and dynamic economy, supported by a talented pool of human capital.

Objective 3: Stimulate demand for and supply of Ukrainian cybersecurity solutions and service providers to empower, equip, and finance cybersecurity entrepreneurs and businesses

The CCI Activity consists of three complementary, mutually reinforcing, and integrated components:

Component 1: Strengthen the Cybersecurity Enabling Environment

This component enhances Ukraine’s ability to protect and modernize its civilian digital infrastructure by embedding U.S. and allied cybersecurity standards into the governance, architecture, and operational systems of critical infrastructure (CI). It prioritizes the divestment of high-risk digital assets and the adoption of secure-by-design technologies that advance trusted supply chains, secure communications, and resilient public services in line with U.S. strategic and commercial interests.

Component 2: Develop Ukraine’s Cybersecurity Workforce

This component builds the institutional and technical foundation for a civilian cyber workforce capable of securing Ukraine’s critical infrastructure during wartime and sustaining digital resilience throughout long-term recovery. It anchors that workforce in U.S.-backed standards, trusted technology principles, and interoperable training models aligned with allied strategic frameworks. All workforce development activities under this component shall be focused on applied operational capability and demonstrable use of skills, rather than academic, theoretical, or strategy-only training outcomes.

Component 3: Build a Resilient Cybersecurity Industry

This component strengthens Ukraine’s domestic cybersecurity and dual-use technology sector as a frontline contributor to national resilience and a trusted partner in U.S. and allied digital ecosystems. It aims to reduce Ukraine’s reliance on high-risk and adversary-origin platforms, and position select Ukrainian firms as interoperable contributors within U.S. and allied technology supply chains where this serves U.S. strategic, security, and commercial interests.

Under the leadership of the Cybersecurity Enabling Environmental Lead, Component1 will enhance Ukraine’s ability to protect and modernize its civilian digital infrastructure by embedding U.S. and allied cybersecurity standards into the governance, architecture, and operational systems of critical infrastructure (CI). It will prioritize the divestment from high-risk digital assets and the adoption of secure-by-design technologies that advance trusted supply chains, secure communications, and resilient public services, in line with U.S. strategic and commercial interests. Implementation under this component shall prioritize verifiable operational change on live systems and exclude advisory, planning, or roadmap-only outputs that do not result in deployed or enforced outcomes.

Component 1 will support designated Ukrainian institutions —primarily the Ministry of Digital Transformation (MDT), National Cybersecurity Coordination Center (NCSCC), National Security and Defense Council (NSDC), and other authorized agencies— in implementing defined, outcome-oriented civilian cyber governance actions. Such support shall focus on the execution of approved institutional changes, the enforcement of coordination protocols, and the operational application of national cyber incident management procedures, rather than on the production of advisory or conceptual guidance.

To strengthen national preparedness, Component 1 will provide continuous support to critical infrastructure cyber posture assessment and remediation activities, including penetration testing and follow-on remediation tied to identified vulnerabilities, consistent with Ukraine’s national cyber incident management framework. These activities shall focus on improving real-world defensive readiness rather than exercise-based simulation.

TASKS / RESPONSIBILITIES:

The Cybersecurity Enabling Environmental Lead will serve as the primary Technical Lead for Component 1 and ensure delivery of fixed-fee and implementation-plan deliverables focused on institutional reform, trusted vendor transition, critical infrastructure modernization, and cyber preparedness. The Lead must possess a deep understanding of Ukraine’s legislative and regulatory cyber framework, multilateral coordination platforms (e.g., Tallinn Mechanism), and U.S. technology and export compliance priorities.

Responsibilities include guiding policy alignment with U.S. standards (e.g., NIST 800 series, C-SCRM), developing national frameworks for secure drone integration and AI threat modeling, and managing cross-government consultations on cyber resilience and minerals corridor protection. The Lead must work closely with GOU stakeholders (MDT, NSDC, SSSCIP), coordinate secure software transitions, and ensure forward-leaning support for pilot innovations such as digital twins and AI cyber labs.

The Enabling Environment Lead will be responsible for:

• Providing guidance and oversight into all activities carried out under Component 1;

• Managing regulatory support for newly adopted functions of the Activity beneficiaries, especially when additional assistance is required;

• Continuously addressing evolving expectations and requirements of beneficiaries and recipients;

• Managing the implementation of activities aimed at strengthening national preparedness

• Developing, updating, and executing on detailed annual work plans for all tasks under Component 1;

• Identifying resources needed to execute work plans and define scopes of work for Short-Term Technical Assistance (STTA);

• Monitoring and reporting on all deliverables, results, and indicators related to Component 1

• Be cognizant and monitor developments in Ukraine and globally as related to the cybersecurity enabling environment;

• Engaging with representatives of the Government of Ukraine and other activity stakeholders in expert-level discussions, identifying and bringing in subject matter experts, as needed;

• Taking initiatives and leading the completion of assessments to prepare or review, as appropriate, drafting legal and regulatory changes as stated in the Scope of Work, and as requested by the Department of State;

Oversight and Leadership:

• Managing a team of 3−5 senior staff members

• Managing and guiding STTAs who support Component 1; reviewing the quality of completed work and providing constructive feedback on an as-needed basis.
• Participating in weekly internal and client calls.

• Engaging in proactive and overarching coordination and discussion with other component leads.

• Attending meetings and events related to Component 1 as the Activity’s representative

Required Qualifications:

1. Advanced degree in cybersecurity policy, digital governance, public administration, or related field.

1. Minimum 7 years' experience advising or managing technical policy reform in cybersecurity or digital infrastructure sectors, preferably in post-conflict or transitional contexts.

1. Demonstrated experience aligning cyber reform with U.S. and NATO/EU regulatory frameworks (e.g., 5G Toolbox, CISA guidelines).

1. Proven capacity to lead multi-stakeholder planning, including with GOU agencies and international donors.

1. Fluency in English and Ukrainian is required.

Equal Employment Opportunity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or status as a protected veteran.

DAI upholds the highest ethical standards. We are committed to the prevention of sexual exploitation, abuse, and harassment as well as other ethical breaches. All our positions are therefore subject to stringent vetting and reference checks.»

DAI promotes workforce diversity and encourages persons from excluded groups, including persons with disabilities, to apply.

It’s Kyiv-based position, short-term. Level Of Effort Based — 3−6 Months (52−104 days)

Qualified candidates should send their CV and cover letter to [відгукнутися]. by June 30, 2026 6:00pm Kyiv time. Only short-listed candidates will receive notice requesting additional information. Interviews will be conducted on the rolling basis.