2623 Security Accreditation Support

Security Accreditation Support
- Subject Matter Expert
- Cybersecurity risk management

**DUTIES AND TASKS**
The contractor will effectively and efficiently provide, with mínimal supervision, the following services, with a special focus on security accreditation and cybersecurity risk management, and in support of the OCIO role as Enterprise CIS Operational Authority (CISOA) dealing with the Interim authorisation to operate (iATO).
1. Support and oversight the security accreditation of NATO Enterprise CIS by assessing potential cybersecurity risks and monitoring the security accreditation CIS backlog.
Measurement: To the NATO CIO satisfaction with the degree of support on security accreditation of identified NATO CIS and service and the identification, quantification and qualification of possible deficiencies and associated residual risks.
2. Support the management of the iATO process in support of the OCIO role as Enterprise CISOA, in collaboration with the other NATO entities (e.g. SHAPE J6 Cyber and J2X IA, ACT AOS, NCIA ASO, SAAs, NSAB).
Measurement: To the NATO CIO satisfaction with the degree of support in the management of the iATO process, maintaining the records of the published iATOs, as well as ensuring the support for the implementation of the NATO owned and operated Networks Registry (NNR) directive and keep the NNR registry updated.
3. Support the development of presentations and attending any relevant meeting when is requested.
Measurement: To the NATO CIO satisfaction with the degree of support in drafting presentations, any other relevant documentation and attending meetings in support of the Risk management section role.
4. Collect information and metadata related to the network architecture of a specific NATO CIS, to develop its comprehensive, coherent and reliable mapping, fit for the finalities of accreditation activities, as directed by the accreditation stakeholders (Technical and Security Authorities). This might require on-site surveys, analysis and assessments to facilitate data gathering.
Measurement: To the NATO CIO satisfaction with the degree of support on gathering, analyse and aggregate NATO Enterprise technical and business information, as part and in support of security accreditation of identified NATO CIS and service.

**LOCATION OF DUTY**
The work will be executed primarily on site at the NATO HQ offices in Brussels, Belgium.
Due to the nature of the work, mínimal teleworking can be foreseen in Brussels (not abroad).

**SPECIFIC WORKING CONDITIONS**
Secure environment with standard working hours. Occasional non-standard hours may be required in support of the NATO Chief Information Officer urgent tasks.

**TRAVEL**
Frequent travels or short deployments to NATO Command Structure bodies would be required
Travel expenses to be reimbursed by NATO based on the NATO per diem rate, in addition to the hourly rate.

**SECURITY AND NON-DISCLOSURE AGREEMENT**
The contractor must be in possession or capable of possessing a security clearance of NATO SECRET.
A signed Non-Disclosure Agreement will be required.

**REQUIREMENTS**
- The contractor shall have knowledge and multiyear experience in organization, management and support of various (international) operations, activities, units and projects related to defence, security, electronics and communications, in the NATO environments;
- The contractor shall demonstrate a minimum 3 years of experience in Cybersecurity and specifically in CIS Architecture or network Engineering fields;
- The contractor shall have previous experience within NATO and/or Industry CIS Security accreditation methodologies and tools;
- The contractor shall have previous experience within NATO and/or Industry Enterprise cybersecurity Risks assessment and Management methodologies and tools;
- The contractor should have previous experience and a good knowledge of the principles, policy and procedures governing cybersecurity;
- The job requires knowledge of the NATO and Industry risk management frameworks;
- The job requires experience with Risks assessment and Risk Management as applied to CIS Security and Cyber Security Fields;
- The contractor should have experience managing large and complex projects in collaboration with multiple stakeholders in different and separate locations;
- The Contractor shall be able working with limited supervision and the same time reporting any relevant inputs to the team workers and leadership;
- The job requires the ability to draft clear and concise reports and documentation, produce and maintain databases in support of security and accreditation activities;
- The job requires mature judgement and political sensitivity and the ability to instil confidence in his/her direct dealings with senior civilian and military officials;
- The Contractor must have excellent English writing skills and the ability to brief their work in English.