CIS Security Officer

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.
  
  

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO's principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

NCIA – Coherence Branch

Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.

The Coherence (COH) supports the Agency's Demand Management (DM) organization, and is responsible for liaison with all customers in the CSU's AoR and supports the Commander CSU in the role as NCIA representative and provides a single entry point for customers. Service Management Branch (SMB) contributes and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements concerning Service Provision, Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.

NCIA – Service Design and CIS Security Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance, risk assessment, risk management and security architecture services.

The service under this SOW have to be delivered by a resource with qualifications and experience as CIS Security Officer (Security Compliance and Audits). The resource will provide services related to main activities as described in Scope of Work section below, under the direction of the Head, Service Design and CIS Security (SDCS) team.

Role Duties and Responsibilities

The main objectives of this statement of work can be summarized as follow:

• Organize, coordinate and perform CIS security compliance and verification activities;
• Support CIS security accreditation activities and remediation tasks;
• Support and participate high-level, multi-stakeholder CIS security related meetings and forums.
  
  

CIS Security Services

• Coordinate system vulnerability assessments to identify weaknesses in security posture.
• Analyse Cyber Security Hygiene Indicators report and prioritize remediation activities.
• Ensure proper security testing protocols are in place before any system upgrades or changes.
• Maintain documentation and evidence for all security tests performed on NATO HQ CIS.
• Collaborate with stakeholders to define security accreditation requirements.
• Review and update accreditation documentation for compliance with NATO policies and directives.
• Coordinate and plan security audits to ensure systems adhere to NATO security accreditation standards.
• Prepare audit reports with detailed findings and corrective action recommendations.
• Oversee follow-up actions post-audit to ensure implementation of security improvements.
• Track remediation progress for security vulnerabilities discovered during audits.
• Perform post-accreditation monitoring to ensure continued compliance.
• Review security incident reports and incorporate findings into future audit cycles.
• Provide expertise in the design and analysis of CIS architectures, equipment, and system technical specifications, including security-related requirements.
• Engage with relevant NATO HQ bodies, NCIA bodies, and others on network and application system issues affecting CIS operation and maintenance, including staging, pre-production, and production environments.
• Coordinate and support the design, planning, and testing of network infrastructures and related applications and data, including security aspects.
• Coordinate discussions and the elaboration of technical and security details for required solutions, in close coordination with Subject Matter Experts (SMEs).
• Prepare written technical documentation throughout the planning and implementation of CIS initiatives.
• Work in close coordination with the NHQ CIS Security Officer(s) in NATO Office of Security,
• Represent the Service Design & CIS Security (SDCS) Team in appropriate meetings and working groups.
• Report to the Service Design & CIS Security (SDCS) Team Head.
• Perform any other duties as required.
  
  

Continuous Improvement:

• Identify areas for improvement in documentation and processes.
• Proactively identify potential vulnerabilities and coordinate preventive measures.
• Contribute to the knowledge base for SDCS team.
• Ensure information is accurate and up-to-date.
  
  

Collaboration with IT Teams:

• Work closely with other CSU Brussels IT teams and other NHQ/NCIA/Enterprise stakeholders to ensure CIS security compliance,
• Collaborate on projects and initiatives,
• Participate in CIS forums and discussions.
  
  

Essential Skills and Experience

• Experience and knowledge in cyber security compliance testing and audits.
• Experience in vulnerability management, vulnerability assessments tools, cyber security hygiene and cyber security compliance frameworks.
• General experience in all lifecycle aspects of Communication Information Systems (CIS) aimed at achieving effective system development and deployment. Sound technical knowledge on wide area networks and local area networks.
• Proficiency in managing and coordinating, demonstrating skills in team building and guidance.
• Experience in the development and use of Information Technologies (e.g. servers, switches, web technologies, encryption equipment, etc.). This must include the range of activities involved in planning, organizing, coordinating, and assessing the CIS related activities to accomplish assigned functions and tasks.
• Detailed knowledge of CIS architectural design as applied to computer systems.
• Experience in developing technical policy level documents; in CIS and in services management.
• Experience in implementing CIS security criteria and associated applications, assessing the effectiveness of security software, resolving problems.
  
  

Desirable Skills and Experience

• Previous work experience in international organizations, such as NATO, or specialized Defence Industry,
• Knowledge of NATO CIS Security Policy, Directive and Guidance,
• ITIL Certification,
• Project Management certification.
  
  

Education

• University Degree and 3 years function related experience or Higher Secondary Education and completed advanced vocational training leading to a professional qualification or professional accreditation with 4 years post related experience.
  
  

Working Location

• Brussels, Belgium
  
  

Working Policy

• Hybrid (There is a possibility to work 1 day per week teleworking from Belgium)
  
  

Travel

• Some travel to other NATO sites may be required
  
  

Security Clearance

• Valid National or NATO Secret personal security clearance
  
  

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.