Security Accreditation Support

Spektrum supports apex purchasers (NATO UN EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services specialised aerospace and defence sales delivery and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATOs member countries and its partners. The agency was established in 2012 and is headquartered in Brussels Belgium.

The NCIA provides a wide range of services including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATOs communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATOs military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATOs mission to detect deny and defeat threats to its communication networks.
• Information Management: The NCIA manages NATOs information technology infrastructure including its databases applications and servers.

Overall the NCIA plays a critical role in ensuring the security and effectiveness of NATOs communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATOs principal C3 capability deliverer and CIS service provider. It provides maintains and defends the NATO enterprisewide information technology infrastructure to enable Allies to consult together under Article IV and when required stand together in the face of attack under Article V.

To provide these critical services in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performanceengaged workforce. The NCI Agency workforce strategically consists of three major categorises: NATO International Civilians (NIC)s Military (Mil) and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

NATO is undergoing a major adaptation of its overall approach to cybersecurity. As part of its mandate the NATO Chief Information Officer (CIO) is overseeing the coherence of the NATO Enterprise ICT1 capabilities and services and is the single point of authority (SPA) for cybersecurity. The NATO CIO is responsible for developing and implementing a cybersecurity strategy through a comprehensive cyber adaptation exercise. This includes significant interaction with executive stakeholders both military and civilian required to oversee the NATO Enterprise coherence and cybersecurity efforts.

As part of its mandate the NATO Office of the CIO (OCIO) needs to execute and enforce the role of SPA for cybersecurity which includes the assessment of the Enterprise Surface of Attack and the management of eventual cybersecurity risks stemming from NATO CIS and assets.

In the loop of this initiative OCIO has developed a series of Urgent and Critical Requirements (UCRs) to address the most critical and timesensitive issues among which there is the accreditation of different critical CIS.

The project will provide support and expertise for the stakeholders involved in the security accreditation of several different NATO CIS monitoring the security accreditation CIS backlog list and supporting the OCIO in his role of Enterprise CISOA. The desired outcome of the project will be in support of the whole iATO management process and in supporting any relevant security accreditation activity.

Role Duties and Responsibilities

The contractor will effectively and efficiently provide with minimal supervision the following services with a special focus on security accreditation and cybersecurity risk management and in support of the OCIO role as Enterprise CIS Operational Authority (CISOA) dealing with the Interim authorisation to operate (iATO).

Support and oversight the security accreditation of NATO Enterprise CIS by assessing potential cybersecurity risks and monitoring the security accreditation CIS backlog.

• Measurement: To the NATO CIO satisfaction with the degree of support on security accreditation of identified NATO CIS and service and the identification quantification and qualification of possible deficiencies and associated residual risks.

Support the management of the iATO process in support of the OCIO role as Enterprise CISOA in collaboration with the other NATO entities (e.g. SHAPE J6 Cyber and J2X IA ACT AOS NCIA ASO SAAs NSAB).

• Measurement: To the NATO CIO satisfaction with the degree of support in the management of the iATO process maintaining the records of the published iATOs as well as ensuring the support for the implementation of the NATO owned and operated Networks Registry (NNR) directive and keep the NNR registry updated.

Support the development of presentations and attending any relevant meeting when is requested.

• Measurement: To the NATO CIO satisfaction with the degree of support in drafting presentations any other relevant documentation and attending meetings in support of the Risk management section role.

Collect information and metadata related to the network architecture of a specific NATO CIS to develop its comprehensive coherent and reliable mapping fit for the finalities of accreditation activities as directed by the accreditation stakeholders (Technical and Security Authorities). This might require onsite surveys analysis and assessments to facilitate data gathering.

• Measurement: To the NATO CIO satisfaction with the degree of support on gathering analyse and aggregate NATO Enterprise technical and business information as part and in support of security accreditation of identified NATO CIS and service.

Essential Skills and Experience

The contractor shall have knowledge and multiyear experience in organization management and support of various (international) operations activities units and projects related to defence security electronics and communications in the NATO environments;

• They shall demonstrate a minimum 3 years of experience in Cybersecurity and specifically in CIS Architecture or network Engineering fields;
• They shall have previous experience within NATO and/or Industry CIS Security accreditation methodologies and tools;
• They shall have previous experience within NATO and/or Industry Enterprise cybersecurity Risks assessment and Management methodologies and tools;
• They should have previous experience and a good knowledge of the principles policy and procedures governing cybersecurity;
• The job requires knowledge of the NATO and Industry risk management frameworks;
• The job requires experience with Risks assessment and Risk Management as applied to CIS Security and Cyber Security Fields;
• They should have experience managing large and complex projects in collaboration with multiple stakeholders in different and separate locations;
• They shall be able working with limited supervision and the same time reporting any relevant inputs to the team workers and leadership;
• The job requires the ability to draft clear and concise reports and documentation produce and maintain databases in support of security and accreditation activities;
• The job requires mature judgement and political sensitivity and the ability to instil confidence in his/her direct dealings with senior civilian and military officials;

Language Proficiency

• Business English

Working Location

• Brussels Belgium

Working Policy

• OnSite

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance