Cybersecurity Change Management Specialist

Spektrum supports apex purchasers (NATO UN EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services specialised aerospace and defence sales delivery and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATOs member countries and its partners. The agency was established in 2012 and is headquartered in Brussels Belgium.

The NCIA provides a wide range of services including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATOs communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATOs military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATOs mission to detect deny and defeat threats to its communication networks.
• Information Management: The NCIA manages NATOs information technology infrastructure including its databases applications and servers.

Overall the NCIA plays a critical role in ensuring the security and effectiveness of NATOs communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATOs principal C3 capability deliverer and CIS service provider. It provides maintains and defends the NATO enterprisewide information technology infrastructure to enable Allies to consult together under Article IV and when required stand together in the face of attack under Article V.

To provide these critical services in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performanceengaged workforce. The NCI Agency workforce strategically consists of three major categorises: NATO International Civilians (NIC)s Military (Mil) and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSCs role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM) the centre executes a portfolio of programmes and projects around 219 MEUR euros per year in order to uplift and enhance critical cyber security services. Mission

The NCSC Service Delivery Support Section (SDSS) is dedicated to centralizing the coordination of cyber security services delivery in a matrix organizational environment. Our mission is to orchestrate the entire service lifecycle ensuring that services align to and follow enterprise strategy policy and directives established by the NCI Agency management Chief Operating Officer Chief Service Operations Chief Technology Officer Finance and Acquisition departments. We work closely with Service Area Owners and Service Delivery Managers to enable standardized and effective service delivery. In order to execute this work the NCI Agency requires support with the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security and cyber defence. This Statement of Work (SoW) specifies the required skillset and experience.

Our vision at the NCSC Service Delivery Support Section (SDSS) is to become the central coordination point for cyber security service delivery enabling seamless and transparent endtoend delivery of services to our customers. We will achieve this by operating in and leading three core areas that are detrimental for quality service delivery: Service Design Service Transition and Service Operations. These areas leads will guide the Service Area Owners and Service Delivery Managers provide advice and adhoc support with their challenges in Service Management. SDSS will also act a single source of truth in Service Delivery metrics and quality and will provide centralized and coordinated responses to enterpriselevel inquiries and reporting requirements.

Role Duties and Responsibilities

Daily Service Requests review

The purpose of daily service requests review is to monitor all incoming Change Requests as well as Service Requests that do not meet the criteria of the preapproved Standard Changes and redirect them through the Change Management process. The personnel will:

• Support the team by routinely reviewing the tickets queue to ensure 4 hours response time
• Multichannel support (phone email internal chat) for change reporting
• Develop and maintain a change and configuration management dashboard to reflect uptodate change status at all times
• Provide regular reporting on change and configuration management performance
• Escalate critical requests to appropriate channels within 4 hours

Technical Review Board

The personnel will: Provide meeting minutes

• The primary purpose of TRBs is to ensure that all Change Requests are properly prepared (investigated evaluated and risk assessed) for consideration by the DCAB based on input from all stakeholders who have a vested interest in the Change Requests. Change Manager is expected to lead the meetings and should have sufficient knowledge in Hardware Systems Networks and Cyber Security Tools.

Release and Governance Board

The personnel will:

Provide meeting minutes

• The primary purpose RGBs is to control the Release and Deployment of all CRs approved by the DCAB. The RGB maintains the scheduling for deployment cutover and testing of the CRs to ensure the correct implementation of the changes and verify that implementation has not caused any regression of other services and report them to the DCAB. Should RGB would not be required or applicable for the week TRB may replace the activity.

Domain Change Advisory Board

The personnel will:

• Provide meeting minutes of analysis of change request monitoring and analysis of events across the Clients networks Internal Change Advisory Board that is chaired by Infrastructure Branch Head to make an informed decision on the Change Manager outputs (assessment compliance risk recommendation).

Adhoc SME support sessions

The personnel will:

• Attend the meeting with various stakeholders and senior decisionsmaking staff
• Create reports that will include the elements in the table below:

Half a day open door session (remotely) where consultancy and advise are provided to interested stakeholders:

• CR processes and governance in general;
• CR updates;
• CR informal planning;
• Other Business.

Configuration Management Database updates

The personnel will:

• Maintain and update over 5000 records Configuration Items DB
• Address adhoc requirements for CI inquiries
• Maintain CMDB access and dashboard in PowerBI

Enterprise Change Management Board

The personnel will:

• Provide meeting minutes and reports

Internal Reporting

The personnel will:

• Provide reporting to NCSC Service Transition Area Lead who is reporting to Service Delivery Support Section Head.
• Create regular reports on change management activities including successes and areas for improvement

Essential Skills and Experience

• Previous experience in Sr. Change Manager position
• Experience in Cyber Security domain (SIEM Computer Forensics Vulnerability Assessment Network intrusion prevention Full packet capture Public Key Infrastructure Crypto)
• Proven experience in developing and implementing ITIL v3/v4 service management processes and procedures.
• A solid understanding of change management methodologies tools and techniques and how to apply them effectively.
• Experience working within a matrix management environment.
• Experience of managing change across a global organization.
• Five or more years of relevant change and configuration management experience at management level.
• Five or more years of experience supporting business process/systems changes.
• Advanced level working knowledge of Network design (IP addressing Routing/Switching high availability).
• Advanced level of working knowledge of System design (Virtualization Operating Systems Backup and recovery).

Personal qualities required

• Strong stakeholder management skills can demonstrate evidence of developing and maintaining strong and effective relationships with internal stakeholders at all levels in an organization.
• Flexible and adaptable; able to work in ambiguous situations.
• Excellent coaching skills.
• Excellent communication skills both written and verbal.

Minimum qualifications required

• Official Project Management certification (Prince2 PMP PMBOK)
• Official Network Management certification (CCNA Network)
• Official Service Management certification (ITIL Foundation ITIL Transition)
• Information Security or Service Management awareness (ISO 27001/ISO 20000

Working Location

• Mons Belgium

Working Policy

• OnSite

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance