Enterprise Security Architect

Spektrum supports apex purchasers (NATO UN EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services specialised aerospace and defence sales delivery and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATOs member countries and its partners. The agency was established in 2012 and is headquartered in Brussels Belgium.

The NCIA provides a wide range of services including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATOs communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATOs military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATOs mission to detect deny and defeat threats to its communication networks.
• Information Management: The NCIA manages NATOs information technology infrastructure including its databases applications and servers.

Overall the NCIA plays a critical role in ensuring the security and effectiveness of NATOs communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATOs principal C3 capability deliverer and CIS service provider. It provides maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV and when required stand together in the face of attack under Article V.

To provide these critical services in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorises: NATO International Civilians (NIC)s Military (Mil) and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID OCIO-0061

Role Background

The NATO Chief Information Officer (CIO) ensures ICT coherence across NATOs 50 civil and military bodies serving over 25000 users. Reporting to the Secretary General the CIO oversees Enterprise directives and advises on IT acquisition and services.

In 2025 the OCIO is prioritizing de-risking activities to enable NR and NS accreditation of cloud-based CIS across the NATO Enterprise. This is a critical step in ensuring that NATO can securely adopt cloud technologies while maintaining the confidentialityintegrity and availability of classified information.

To achieve this the OCIO is seeking expert support to assess the feasibility of accrediting NR and NS cloud-based CIS. This includes identifying policy gaps technical challenges and the necessary mitigation measures to align cloud architectures with NATOs stringent accreditation requirements.

In addition the OCIO is seeking expert support to develop a future-proof IAM strategy that will serve the NATO Enterprise mission operational and security requirements.

These efforts will inform policy evolution and drive coherence across the NATO Enterprise both in accreditation and Enterprise IAM strategy. They also support key initiatives such as Digital Transformation and Cloud Adoption ensuring that NATO can leverage secure and scalable cloud capabilities for operational and strategic advantage.

Role Duties and Responsibilities

NR Accreditation Support

• Support the execution and delivery of the NR Accreditation Task Force
• Support the documentation and clarification of policy gaps and issues with regards to the accreditation of cloud-based CIS up to NR.
• Gather assess and provide technical documentation that can be used to support the accreditation of public cloud-based CIS up to NR including technical documentation reference architectures list of security enforcing services in public cloud infrastructure.

Deliverables:

• Meeting minutes of periodic ad-hoc and stakeholder meetings.
• Define and document list of security enforcing services in public cloud CIS aligned and mapped on the requirements of AC322- D(2021)0032-REV1 and other relevant security policies.
• CIS reference architectures consisting of appropriate security measures controls and/or mechanisms for an up to NR cloud-based environment.

NS Accreditation Support

• Support the documentation and clarification of policy gaps and issues with regards to the accreditation of cloud-based CIS up to NS.
• Gather assess and provide technical documentation that can be used to support the
• accreditation of air-gapped private cloud-based CIS up to NS including technical documentation reference architectures list of security enforcing services mapped onto policy requirements.
• Provide expert input and strategic outlook on the feasibility of executing highly classified workloads up to NS in the public cloud. Identify challenges policy gaps and mitigations.

Deliverables

• Meeting minutes of periodic ad-hoc and stakeholder meetings.
• Gap-analysis identification and mapping of appropriate security measures controls and/or mechanisms for an up to NS cloud-based CIS architecture.
• Recommendations and CIS architectural guidance for implementing the necessary measures controls and mechanisms identified as missing in a gap analysis to achieve up to NS accreditation.

Enterprise IAM Strategy

• Support drafting a high-level IAM strategy that aligns with NATO Enterprises mission security posture and operational needs.
• Ensure the IAM strategy fully aligns with NATOs Zero Trust policy and requirements addressing identity-centric security controls.
• Conduct an assessment of existing IAM technologies within NATO to identify gaps redundancies and integration challenges.
• Support development of a high-level roadmap towards a future state IAM system with phased recommendations ensuring a structured approach to adoption.

Deliverables

• Meeting minutes of periodic ad-hoc and stakeholder meetings.
• A high-level strategy outlining NATO Enterprise IAM vision objectives and key principles. Alignment with Zero Trust principles security policies and interoperability requirements. Definition of governance models roles and responsibilities. Identification and documentation of Enterprise IAM requirements mapped on high-level architecture.
• Stakeholder engagement report including a summary of interviews and workshops with NATO Enterprise stakeholders.

Essential Skills and Experience

• Demonstrated relevant experience (5 years) in the area of cyber security and
• defense more specifically on identity and access management accreditation
• processes and security audit/compliance.
• Demonstrated relevant experience in NATO defense or government projects in the area of cloud computing and cyber.
• Proven experience in designing assessing and implementing cloud security
• architectures in large international organisations.
• Experience with commercial cloud provider platforms.
• Knowledge of relevant NATO security requirements and policies.
• Prior experience of working in an environment comprising both military and civilian elements.

Language Proficiency

• A thorough knowledge of one of the two NATO languages both written and spokenis essential and some knowledge of the other is desirable. (Note: Most of the work of the OCIO-NATO HQ is conducted in the English language)

Working Location

• Brussels Belgium

Working Policy

• On-Site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance