Cyber-Security Risk Assessment - Request for Proposal - Melbourne / Remote

MSI-Asia Pacific

About MSI Asia Pacific

MSI Asia Pacific (MSIAP), its entities and affiliates, are a specialist sexual and reproductive health, non-governmental organisation (NGO) working in Australia, Asia and the Pacific to ensure the fulfilment of sexual and reproductive health and rights (SRHR) of all people.

At MSI Reproductive Choices we are unapologetically pro-choice. We believe that every person has the right to make choices about their own body and future. As one of the world’s leading providers of contraception and safe abortion care, we give everyone the means to do so. Across 36 countries, we provide high quality, safe services, and work with advocacy to create an enabling environment, so every client has safe access to services when and where they are needed.  

MSIAP serves as the Public Engagement and Grant Management office for MSI in Australia and the Asia Pacific region. Working with key institutional donors including Australian Government (DFAT) and New Zealand Government (MFAT), Foundations and individual supporters, MSIAP oversees a number of projects across Asia and the Pacific. 

MSI is committed to creating an inclusive environment with a workforce which is representative of the communities we serve. We’re proud to be an equal opportunities employer and give equal consideration to all qualified applicants without regard to race, ethnicity, religion, gender, gender identity or expression, sexual orientation, national origin, disability, or age. We are committed to promoting equality and safeguarding the welfare of all team members and clients, with a focus on vulnerable groups.

The consultancy 

MSIAP is at once the Asia Pacific regional subsidiary of the MSI Reproductive Choices global partnership, and an Australian NGO. We are governed by a Board of Directors which oversees the Executive Officer who manages a team of 17 employees in total, inclusive of a team of 4 senior managers.

MSIAP is located separately to MSI Australia (MSIA), the Australian clinical business. We are guided by many of the global standards set out by the MSI Global Support Office as well as local policies set by MSI Australia. 

MSIAP is seeking the services of an external cyber-security provider to conduct a comprehensive risk assessment of our current platforms. This assessment aims to identify potential cyber risks, evaluate the adequacy of existing controls, and provide an overview of high risks and potential mitigation strategies.

Objectives

The objectives of this engagement are to: 

  • Review MSIAP’s operating environment and conduct a thorough cyber risk assessment.  
  • Meet with key internal stakeholders to understand their roles and the impact of their security measures on MSIAP. 
  • Produce a detailed report that includes an assessment of MSIAP cyber risks and the adequacy of existing controls. This will include a risk mapping process to highlight degrees of risk across the data and operating environment. 
  • Present the findings and recommendations to MSIAP Senior Management and the Finance, Risk, Audit, and Compliance committee members.

Scope of Work

The scope of work for the cyber-security provider includes: 

  • Reviewing MSIAP’s operating environment to identify potential cyber risks.  
  • Conducting a comprehensive cyber risk assessment and risk map. 
  • Meeting with key internal stakeholders, including:  
    • Global IT to understand their scope and security measures. 
    • Corporate Services Director and Fundraising Director to understand key processes and third-party service providers with access to MSIAP data.  

Deliverables:

The deliverables for this engagement include: 

  • A comprehensive report detailing the findings of the cyber risk assessment. 
  • An evaluation of the adequacy of existing controls, aligned with Australian privacy and data regulations. 
  • A presentation of the findings and recommendations to MSIAP Senior Management and the Finance, Risk, Audit, and Compliance committee members.

In the proposal, please make specific reference to: 

  • Any experience working with INGOs or Sexual and Reproductive Health Rights organisations.
  • Experience reviewing and updating risk management policies and processes.
  • Experience reviewing and updating business continuity plans.
  • Experience and knowledge of DFAT Accredited organisations / requirements.
  • Experience with multi-faceted organisations which are part of a global alliance and operate in a complex projects environment.

Key Stakeholders:

  • Josh Vansittart, MSIAP Corporate Services Director 
  • Emma Clark Gratton, MSIAP Fundraising Director 
  • Andrew Davison, Global CIO 

Timing:

The engagement is expected to be completed by July 2025. The timeline for the deliverables will be agreed upon with the selected provider.

Location: 

MSIAP is located in Melbourne. Consultants may work remotely. 

Closing date:   

As advertised, but proposals may be reviewed on a rolling basis.

Information Required in Proposal

With reference to the Terms of Reference outlined above, please provide a short proposal that addresses the following areas.

Consultant’s Details:

  • Business Name
  • ABN
  • Address
  • Phone
  • Email

Programme Information

  • Ability to meet the Terms of Reference 
  • Proposed methodology 
  • Ability to meet the timeline nominated (or present reasonable timeline) 

Expertise and Experience

  • Demonstrated expertise in cyber-security risk assessments, preferably in the non-profit or SRHR sector.
  • Experience conducting reviews of processes and communicating findings to executive teams.
  • Proven track record of producing comprehensive and actionable reports.

Fee Schedule

An estimate of the project fees including:

  • the capped fee for the project 
  • the hourly or daily rates that form the basis of the capped fee
  • anticipated out of pocket expenses, including a proposed cap 
  • Please show all fees and expenses inclusive of GST 

References

  • Details of 2 referees relevant to the delivery of risk management or business continuity related services 

Response Close Date

  • Please submit your response via the "Apply Now" button. 

Evaluation Criteria

The following criteria will be used to evaluate responses to the Request for Proposal.

Criteria

  • Demonstrated experience in conducting cyber risk assessments - Weighting 30%
  • Value for money - Weighting 30%
  • Ability to produce comprehensive and actionable reports - Weighting 30%
  • Strong communication skills and ability to present findings to senior management and governing bodies - Weighting 10%
  • Pro-MSI philosophy of reproductive rights and pro-choice on abortion - Non-weighted requirement

Other Information

MSIAP is a child-safe organisation and has zero tolerance for sexual exploitation, abuse, and harassment. MSIAP also takes a zero-tolerance approach to fraud and bribery, terrorism and money laundering as well as modern slavery and any unethical behaviour. 

To ensure consultants’ values and conduct align with MSIAP’s, consultants will need to:

  • Undergo a Police Check prior to commencing consultancy work with MSIAP;
  • Sign MSIAP’s Child Safeguarding Code of Conduct and our Global Code of Conduct; and
  • Complete MSIAP’s Supplier Questionnaire.

MSIAP Contact

If you have any questions in relation to this Request for Proposal, please contact the person nominated below.

[email protected] using the subject line: Cyber-Security Risk Assessment - Request for Proposal enquiry via EthicalJobs
