DHS Wants Help Restructuring Pay and Bonuses for Cybersecurity Pros

Gil C/Shutterstock

The agency is looking for a vendor to help lay out a plan to recruit and retain top talent needed to meet its cybersecurity missions.

The Homeland Security Department is restructuring the way it pays cybersecurity professionals and wants help managing the new program and the transition getting there.

The agency is launching a Cybersecurity Talent Management System, or CTMS, “a cross-component effort to implement a new cybersecurity-focused federal civilian personnel system,” according to a draft request for proposals issued Thursday.

Part of the CTMS initiative is the Strategic Cybersecurity Compensation System, a set of policies and business processes with the goal of attracting strong cybersecurity talent through compensation—salary and annual cash bonuses.

“In designing CTMS, DHS has revisited some of the foundational theories and structures that underlie how the federal government has managed talent for decade,” the document states, specifically citing, “traditional federal position classification, multi-field salary structures, tenure-based salary progression, and occupation-focused compensation flexibilities.”

As DHS components begin to implement these changes, the agency wants a new compensation structure that will be attractive to private-sector cybersecurity experts while adhering to immutable federal regulations. The agency is looking for a vendor to help develop the “business rules, process and policies” around this system.

“The Cybersecurity Compensation System should balance internal and external equity, while integrating leading compensation methods, including those proven effective in cybersecurity-focused organizations and those reflecting a focus on skills/competencies/capabilities,” the draft solicitation states.

The statement of work is clear that this contract will be focused solely on policy and process and not the underlying IT systems to support this effort.

“CTMS is a federal civilian personnel system—not an information technology system,” the document states. “Similarly, the Cybersecurity Compensation System is not an information technology system; it is a set of business rules, processes, and policies for administering compensation.”

The draft contract includes one mandatory deliverable and three optional tasks:

  • Design (mandatory), including keeping up to date with the various foundation policies for CTMS and the compensation system while producing “ongoing assessments of the design and current state of the Cybersecurity Compensation System.”
  • Analysis (optional), which includes “identifying, obtaining and using a compensation data analysis platform,” as well as finding appropriate survey data to use in such analysis.
  • Operations (optional), to include day-to-day support for salary planning, managing recruitment and retention incentives and annual cash bonus planning.
  • Surge support (optional), to be triggered when the other tasks experience “unexpected increases in workload volume or complexity.”

The ultimate contract is expected to run for a one-year base period, with four one-year add-on options.

Feedback on the draft RFP is due by noon March 9. The agency expects to release the final solicitation by March 16, with a multiphase bid process culminating in a single award on April 29.