NATO - OTAN

Officer, Accreditation Support

NATO - OTAN

1. SUMMARY

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.

The Office of the NATO CIO (OCIO) has an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.

The Enterprise Security Branch (ESec) maintains Enterprise oversight on cybersecurity and enables awareness on specific risks, processes and incidents. It supports the NATO CIO in managing cybersecurity risks and incidents at Enterprise level, advises and supports the decision-making process for identifying the Enterprise risk appetite and risk acceptance for CIS Security. The Branch executes functions deriving from the NATO CIO Enterprise risk owner and top-level incident manager roles for cybersecurity, coordinating incident response, business impact analysis, risk mitigation, mid- to long- term mitigation measures and lessons-identified definition. The Branch also maintains relations with key Enterprise military and civilian stakeholders at strategic, operational, tactical and technical levels.

The Risk Management Section (RMS) is responsible for ensuring the execution of the Enterprise CIS Operational Authority (CISOA) role across NATO, adopting a modern and effective risk management methodology. The Section also offers support to accreditation efforts for NATO CIS at Enterprise level, including the coordination of auditing activities and the provision of cryptographic support.

The incumbent is responsible for keeping track of accreditation backlogging and monitoring the status of unaccredited systems, especially when security accreditation of NATO Communications and Information Systems (CIS) is required. S/he will contribute by coordinating and prioritizing Security Audits (Type 3 and 4) in support of the accreditation process for traditional and cloud based CIS solution – in coordination with Risk Management processes. In addition, s/he will contribute in other related capabilities and services while following the framework dictated by the latest NATO Security Policies related to the protection of NATO information.

The incumbent will deputise for the Head, Security Risk Management Section when required.

2. QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

The incumbent must:

  • possess a university degree from an Institute of a recognised standing, in a cyber-security related discipline;
  • have 3 years of experience in cybersecurity field, preferably in large civilian organization(s);
  • possess a good knowledge and experience of security accreditation processes, on both traditional and cloud based solutions, and the aspects to be addressed during Cybersecurity inspections,
  • possess knowledge and experience planning Security Audits, in support of the NATO Accreditation process;
  • demonstrate experience in the provision of Cybersecurity advice and guidance to communication and information systems (CIS) and cybersecurity related projects;
  • experience leading staff work on large and complex projects and coordinate multiple stakeholders in different and separate locations;
  • have experience in planning, monitoring, implementing Cybersecurity provisions within traditional and cloud based CIS capabilities and services;
  • possess good knowledge pertaining to principles, policies and procedures governing cyber defence;
  • have strong written skills in order to draft clear and concise reports, produce and maintain security and risks logs, as well as databases, in support of security activities;
  • demonstrate strong drive for teamwork and the capacity to manage stress;
  • the flexibility to work outside of normal office hours, during incident management activities, and travel when required; and
  • the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

DESIRABLE

The following are considered an advantage:

  • security certifications such as CISSP, CCSP, CISM (or similar certification in Cloud computing);
  • Audit certification, based on international standards (e.g. ISO27001 Lead Auditor)
  • project management certification (e.g. PRINCE 2 and ITIL);
  • experience in NATO’s cybersecurity environment, specifically in the CIS security;
  • knowledge of the NATO organisation, its security policies and supporting directives;
  • experience developing, executing, coordinating and improving accreditation processes for a large organization;
  • knowledge of military CIS infrastructure design, implementation and management.

3. MAIN ACCOUNTABILITIES

Policy Development

Contribute to the development of policies, directives and guidance documents in the OCIO areas of responsibility as per your area of expertise. Provide advice to the Section Head on NATO enterprise security accreditation processes and procedures. Draft working papers and other documents on CISOA issues, as required. Support and contribute to the process of policy changes related to CIS security and its management, in coordination with the SAA and CISP. Assess, verify risks and eventually develop suggestions to improve the standing CIS Security Policies related to the Accreditation, on Enterprise level. Develop high-level strategic documents and advices to improve enterprise security accreditation and support its interoperability within the Alliance’.

Expertise Development

Provide Cybersecurity advice and guidance to CIO, develop assessments and reports over the status of the accreditation of unclassified Enterprise CIS. Develop suggestions and proposals for future improvements in regards of processes and procedures in support of the accreditation of unclassified and classified systems under different Areas of Responsibility (AORs).

Project Management

Support project plans according to the OCIO role(s) in project management processes. Identify key-stakeholders to ensure project continuity. Participate and contribute to project management boards as required. Maintain full understanding of project and program plans, identify and monitor project implementation risks, provide expertise and leadership in the resolution of exceptions and issues.

Planning and Execution

Coordinate security accreditation activities involving traditional and cloud based CIS/solution for classified and unclassified capabilities and services. Coordinate and develop mitigation and remediation actions in coordination with other members of the Risk Management Section in order to assure a coherent approach of the issue. Keep and maintain an acceptable overall security posture

Stakeholder Management

Establish and maintain a network of key experts within the NATO Enterprise, with a specific focus on Enterprise-wide security accreditation. Develop close cooperation with the NATO Operational community pertaining the lifecycle of Enterprise security processes and practices, with a focus on accreditation management.

Financial Management

Provide inputs to the OCIO budget / Programme of Work. Maintain an overview of assigned budgets, their execution and reporting.

Knowledge Management

Draft background briefs, progress reports, presentations, and other items for high-level meetings. Identify relevant incident management capabilities in place within the whole NATO Enterprise, in order to provide support and recommendations for harmonization and coherence. On the basis of briefings, discussions and results of security accreditations, provide advice on evolving security programs in NATO nations, NATO civilian and military bodies, and non-NATO entities. Contributes to the information sharing with the relevant NATO bodies and Boards (e.g. CyOC, CRMG, BCISOA) in support of Situational Awareness.

Perform any other related duty as assigned.

4. INTERRELATIONSHIPS

The incumbent reports to the Head, Security Risks Management Section and deputises for her/him when required. S/he will work in close cooperation with the OCIO members of staff as well with experts of the various NATO Entities.

Direct reports: N/A

Indirect reports: N/A

5. COMPETENCIES

The incumbent must demonstrate:

  • Analytical Thinking: Sees multiple relationships;
  • Flexibility: Adapts to unforeseen situations;
  • Impact and Influence: Takes multiple actions to persuade;
  • Initiative: Is decisive in a time-sensitive situation;
  • Organizational Awareness: Understands organisational climate and culture;
  • Teamwork: Cooperates.
6. CONTRACT
Contract to be offered to the successful applicant (if non-seconded): Definite duration contract of three years; possibility of renewal for up to three years, during which the incumbent may apply for conversion to an indefinite duration contract.
Contract clause applicable:
In accordance with the contract policy, this is a post in which turnover is desirable for political reasons in order to be able to accommodate the Organisation’s need to carry out its tasks as mandated by the Nations in a changing environment, for example by maintaining the flexibility necessary to shape the Organisation’s skills profile, and to ensure appropriate international diversity.
The maximum period of service foreseen in this post is 6 years. The successful applicant will be offered a 3-year definite duration contract, which may be renewed for a further period of up to 3 years. However, according to the procedure described in the contract policy the incumbent may apply for conversion to an indefinite contract during the period of renewal and no later than one year before the end of contract.
If the successful applicant is seconded from the national administration of one of NATO’s member States, a 3-year definite duration contract will be offered, which may be renewed for a further period of up to 3 years subject also to the agreement of the national authority concerned. The maximum period of service in the post as a seconded staff member is six years.
Serving staff will be offered a contract in accordance with the NATO Civilian Personnel Régulations.
7. RECRUITMENT PROCESS
Please note that we can only accept applications from nationals of NATO member countries.
Applications must be submitted using e-recruitment system, as applicable:
  • For NATO civilian staff members only: please apply via the internal recruitment portal ( link );
  • For all other applications: www.nato.int/recruitment

Please note that at the time of the interviews, candidates will be asked to provide evidence of their education and professional experience as relevant for this vacancy.
Appointment will be subject to receipt of a security clearance (provided by the national Authorities of the selected candidate) and approval of the candidate’s medical file by the NATO Medical Adviser.
More information about the recruitment process and conditions of employment, can be found at our website (http://www.nato.int/cps/en/natolive/recruit-hq-e.htm).
8. ADDITIONAL INFORMATION
NATO is committed to diversity and inclusion, and strives to provide equal access to employment, advancement and retention, independent of gender, age, nationality, ethnic origin, religion or belief, cultural background, sexual orientation, and disability. NATO welcomes applications of nationals from all member Nations, and strongly encourages women to apply.
Building Integrity is a key element of NATO’s core tasks. As an employer, NATO values commitment to the principles of integrity, transparency and accountability in accordance with international norms and practices established for the defence and related security sector. Selected candidates are expected to be role models of integrity, and to promote good governance through ongoing efforts in their work.
Due to the broad interest in NATO and the large number of potential candidates, telephone or e-mail enquiries cannot be dealt with.
Applicants who are not successful in this competition may be offered an appointment to another post of a similar nature, albeit at the same or a lower grade, provided they meet the necessary requirements.
The nature of this position may require the staff member at times to be called upon to travel for work and/or to work outside normal office hours.
The organization offers several work-life policies including Teleworking and Flexible Working arrangements (Flexitime) subject to business requirements.
Please note that the International Staff at NATO Headquarters in Brussels, Belgium is a non-smoking environment.
For information about the NATO Single Salary Scale (Grading, Allowances, etc.) please visit our website . Detailed data is available under the Salary and Benefits tab.

If you require alternative methods of application or screening, you must approach NATO - OTAN directly to request this, as we're not responsible for the employer's application process.

RedHired TIP

For your privacy and protection, when applying to a job online, never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction.

By applying to a job using RedHired you are agreeing to comply with and be subject to the RedHired Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.

RedHired

All job types
Contract
Full-time
Part-time
Permanent
Temporary
Other

All locations
Antwerpen
Brabant wallon
Brussels Hoofdstedelijk Gewest
Hainaut
Liège
Limburg
Luxembourg
Namur
Oost-Vlaanderen
Vlaams-Brabant
West-Vlaanderen