OCIO-0054 Security Accreditation Support NS - TUE 18 Mar

Deadline Date: Tuesday 18 March 2025

Requirement: Security Accreditation Support

Location: Brussels BE

Full Time OnSite: Yes

Time OnSite: 100

Total Scope of the request (hours): 1368

Required Start Date: No Later Than 28 April 2025

End Contract Date: 31 December 2025

Required Security Clearance: NATO SECRET

Special Terms and Conditions: The contractor will be responsible for complying with the respective national requirements for working permits visas taxes social security etc. whilst working on site at NATO HQ Brussels Belgium. No special status is either conferred or implied by the host organisation NATO HQ Brussels Belgium to the contractor whilst working on site. The contractor will be responsible for complying with all the respective National Health COVID19 regulations in Belgium before taking up the position.

1. INTRODUCTION

NATO is undergoing a major adaptation of its overall approach to cybersecurity. As part of its mandate the NATO Chief Information Officer (CIO) is overseeing the coherence of the NATO Enterprise ICT (Information Communication Technology) capabilities and services and is the single point of authority (SPA) for cybersecurity. The NATO CIO is responsible for developing and implementing a cybersecurity strategy through a comprehensive cyber adaptation exercise. This includes significant interaction with executive stakeholders both military and civilian required to oversee the NATO Enterprise coherence and cybersecurity efforts.

As part of its mandate the NATO Office of the CIO (OCIO) needs to execute and enforce the role of SPA for cybersecurity which includes the assessment of the Enterprise Surface of Attack and the management of eventual cybersecurity risks stemming from NATO CIS and assets.

In the loop of this initiative OCIO has developed a series of Urgent and Critical Requirements (UCRs) to address the most critical and timesensitive issues among which there is the accreditation of different critical CIS.

The project will provide support and expertise for the stakeholders involved in the security accreditation of several different NATO CIS monitoring the security accreditation CIS backlog list and supporting the OCIO in his role of Enterprise CISOA. The desired outcome of the project will be in support of the whole iATO management process and in supporting any relevant security accreditation activity.

2. TASKS

The contractor will effectively and efficiently provide with minimal supervision the following services with a special focus on security accreditation and cybersecurity risk management and in support of the OCIO role as Enterprise CIS Operational Authority (CISOA) dealing with the Interim authorisation to operate (iATO).

2.1 Support and oversight the security accreditation of NATO Enterprise CIS by assessing potential cybersecurity risks and monitoring the security accreditation CIS backlog.

Measurement: To the NATO CIO satisfaction with the degree of support on security accreditation of identified NATO CIS and service and the identification quantification and qualification of possible deficiencies and associated residual risks.

2.2 Support the management of the iATO process in support of the OCIO role as Enterprise CISOA in collaboration with the other NATO entities (e.g. SHAPE J6 Cyber and J2X IA ACT AOS NCIA ASO SAAs NSAB).

Measurement: To the NATO CIO satisfaction with the degree of support in the management of the iATO process maintaining the records of the published iATOs as well as ensuring the support for the implementation of the NATO owned and operated Networks Registry (NNR) directive and keep the NNR registry updated.

2.3 Support the development of presentations and attending any relevant meeting when is requested.

Measurement: To the NATO CIO satisfaction with the degree of support in drafting presentations any other relevant documentation and attending meetings in support of the Risk management section role.

2.4. Collect information and metadata related to the network architecture of a specific NATO CIS to develop its comprehensive coherent and reliable mapping fit for the finalities of accreditation activities as directed by the accreditation stakeholders (Technical and Security Authorities). This might require onsite surveys analysis and assessments to facilitate data gathering.

Measurement: To the NATO CIO satisfaction with the degree of support on gathering analyse and aggregate NATO Enterprise technical and business information as part and in support of security accreditation of identified NATO CIS and service.

3. PROFILE

See Requirements

4. LOCATION OF DUTY

The work will be executed primarily on site at the NATO HQ offices in Brussels Belgium.

Due to the nature of the work minimal teleworking can be foreseen in Brussels (not abroad).

5. TIMELINES

The services of the contractor are required for the period starting 28th April 2025 until 31th December 2025.

Future contract extensions are subject to performance of the contractor and related NATO regulations.

6. SPECIFIC WORKING CONDITIONS

Secure environment with standard working hours. Occasional nonstandard hours may be required in support of the NATO Chief Information Officer urgent tasks.

7. TRAVEL

Frequent travels or short deployments to NATO Command Structure bodies would be required

Travel expenses to be reimbursed by NATO based on the NATO per diem rate in addition to the hourly rate.

8. SECURITY AND NONDISCLOSURE AGREEMENT

The contractor must be in possession or capable of possessing a security clearance of NATO SECRET.

A signed NonDisclosure Agreement will be required.

3. PROFILE

• The contractor shall have knowledge and multiyear experience in organization management and support of various (international) operations activities units and projects related to defence security electronics and communications in the NATO environments;
• The contractor shall demonstrate a minimum 3 years of experience in Cybersecurity and specifically in CIS Architecture or network Engineering fields;
• The contractor shall have previous experience within NATO and/or Industry CIS Security accreditation methodologies and tools;
• The contractor shall have previous experience within NATO and/or Industry Enterprise cybersecurity Risks assessment and Management methodologies and tools;
• The contractor should have previous experience and a good knowledge of the principles policy and procedures governing cybersecurity;
• The job requires knowledge of the NATO and Industry risk management frameworks;
• The job requires experience with Risks assessment and Risk Management as applied to CIS Security and Cyber Security Fields;
• The contractor should have experience managing large and complex projects in collaboration with multiple stakeholders in different and separate locations;
• The Contractor shall be able working with limited supervision and the same time reporting any relevant inputs to the team workers and leadership;
• The job requires the ability to draft clear and concise reports and documentation produce and maintain databases in support of security and accreditation activities;
• The job requires mature judgement and political sensitivity and the ability to instil confidence in his/her direct dealings with senior civilian and military officials;
• The Contractor must have excellent English writing skills and the ability to brief their work in English.

8. SECURITY AND NONDISCLOSURE AGREEMENT

• The contractor must be in possession or capable of possessing a security clearance of NATO SECRET.

Required Experience:

Chief