TOR: Implementation of a Privileged Access Management (PAM) Solution
Locations: Kenya, Rwanda, South Sudan, Ethiopia, Chad
Deadline: July 24, 2026
Job Description
Background
Inkomoko currently lacks a centralized system to manage and monitor privileged access for developers, system administrators, database administrators, and other users with elevated permissions. This exposes the organization to risks such as credential misuse, privilege escalation, limited audit capabilities, and non-compliance with security best practices.
To strengthen its cybersecurity posture, the IT & Security Department seeks to implement a Privileged Access Management (PAM) solution that will secure, control, monitor, and audit all privileged accounts and activities across the organization’s infrastructure.
Objective of the Assignment
The objective of this assignment is to supply, implement, configure, and commission a Privileged Access Management (PAM) solution that will enable Inkomoko to:
- Centralize the vaulting and management of all privileged credentials.
- Implement Just-in-Time (JIT) privileged access for developers and administrators.
- Enable session recording and real-time monitoring of privileged activities.
- Automate privileged password rotation.
- Implement Role-Based Access Control (RBAC) with approval workflows.
- Maintain comprehensive, audit-ready privileged access logs.
Scope of Work
The successful vendor will be expected to undertake, at a minimum, the following activities:
- Supply, install, and configure the PAM solution for both on-premises and cloud environments.
- Integrate the solution with existing identity management systems.
- Onboard privileged accounts across Windows servers, Linux servers, databases, network devices, and cloud platforms.
- Configure password management policies, automated password rotation, and Just-in-Time access.
- Configure session recording for SSH, RDP, HTTPS, and database connections.
- Define and implement Role-Based Access Control (RBAC) for developers, system administrators, auditors, and managers.
- Integrate the PAM solution with the organization’s Security Information and Event Management (SIEM) platform (e.g., Splunk or ELK).
- Conduct administrator and end-user training on the use and administration of the solution.
Deliverables
The successful vendor shall provide the following deliverables:
- A fully deployed and production-ready Privileged Access Management environment.
- Technical architecture documentation and integration guides.
- Configured credential vault structure and security policy documentation.
- Session recording and auditing configuration report.
- Administrator and end-user training, including presentation materials and recorded training sessions.
- System health check report and comprehensive handover documentation.
Duration
The assignment is expected to commence in August 2026 and be completed by the end of September 2026, with an overall implementation period of eight (8) weeks. This period includes installation, configuration, integration, testing, training, and final handover.
Reporting and Supervision
The successful vendor will report directly to the IT Security Manager.
Progress will be monitored through weekly implementation meetings supported by bi-weekly written status reports. Final acceptance testing and project sign-off will be conducted by the Director of IT.
Requirements
Vendor Qualifications and Experience
Interested vendors should demonstrate the following minimum qualifications:
- Certified implementation partnership with the Original Equipment Manufacturer (OEM) of the proposed PAM solution.
- Proven experience delivering at least three successful PAM implementations for organizations of similar size and complexity.
- Experience integrating PAM solutions with Microsoft Azure Active Directory, AWS Identity and Access Management (IAM), and on-premises Active Directory.
- Strong technical expertise in Windows and Linux privilege management, session monitoring, and privileged account governance.
Proposal Submission Requirements and Date
Interested vendors should submit a proposal comprising:
- Company registration documents.
- Company profile and relevant experience.
- Detailed implementation methodology and work plan.
- Financial proposal, including licensing and implementation costs.
Proposals should be submitted electronically to: procurement.regional@inkomoko.com no later than 24th July 2026 at 5:00 p.m. EAT.
The email subject should be: Proposal – Privileged Access Management (PAM) Solution – Vendor Name.
Any requests for clarification during the procurement process should also be submitted to: procurement.regional@inkomoko.com .
Evaluation Criteria
Proposals will be evaluated using the following weighted criteria:
- Technical approach and alignment with PAM best practices – 30%
- Relevant implementation experience and client references – 30%
- Cost competitiveness, including licensing and implementation – 20%
- Training, knowledge transfer, and post-implementation support – 20%
Contact Information
For clarification regarding this assignment or proposal submission, please contact:
Procurement Team
Email: procurement.regional@inkomoko.com


