Cybersecurity Risk & Compliance Engineer

Spektrum supports apex purchasers (NATO UN EU and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services specialised aerospace and defence sales delivery and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATOs member countries and its partners. The agency was established in 2012 and is headquartered in Brussels Belgium.

The NCIA provides a wide range of services including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATOs communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATOs military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATOs mission to detect deny and defeat threats to its communication networks.
• Information Management: The NCIA manages NATOs information technology infrastructure including its databases applications and servers.

Overall the NCIA plays a critical role in ensuring the security and effectiveness of NATOs communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATOs principal C3 capability deliverer and CIS service provider. It provides maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV and when required stand together in the face of attack under Article V.

To provide these critical services in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorises: NATO International Civilians (NIC)s Military (Mil) and Interim Workforce Consultants (IWC)s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID 2025-0235

Role Background

NCIA requires the provision of CIS Security Accreditation Engineer services for all the activities as defined in the following sections. For the 2025 Base Services activities will be conducted within and in support of an ongoing NHQ Accreditation project.

NCIA Coherence Branch

Within the Agency CIS Support Unit (CSU) Brussels provides consistent reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS) through his/her delegated representatives ICTM/EXCO IMS who act in the role of Intelligent Customer.

The Coherence (COH) supports the Agencys Demand Management (DM) organization and is responsible for liaison with all customers in the CSUs AoR and supports the Commander CSU in the role as NCIA representative and provides a single entry point for customers. Service Management Branch (SMB) contributes and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements

concerning Service Provision Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.

NCIA Service Design and CIS Security

Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance risk assessment risk management and security architecture services.

Role Duties and Responsibilities

CIS Security Services

• Collaborate with internal and external auditors to understand security audit results and identify critical vulnerabilities.
• Develop comprehensive remediation strategies including timelines resource allocation and responsible parties.
• Prioritize remediation efforts based on risk assessments and business impact.
• Coordinate with IT security and business units to ensure alignment and efficient execution of remediation activities.
• Monitor the status of remediation efforts providing regular updates to senior management and stakeholders.
• Ensure that remediation activities are completed within the established timelines and meet quality standards.
• Maintain detailed records of remediation activities and outcomes.
• Ensure that all remediation activities align with relevant security frameworks and regulatory requirements.
• Support the development and implementation of IT risk management strategies.
• Review and evaluate organizations CIS security policies and procedures to ensure they align with organizational goals and compliance requirements.

Continuous Improvement:

• Identify areas for improvement in documentation and processes.
• Proactively identify potential vulnerabilities and coordinate preventive measures.
• Contribute to the knowledge base for SDCS team.
• Ensure information is accurate and up-to-date.

Collaboration with IT Teams:

• Work closely with other CSU Brussels IT teams and other NHQ/NCIA/Enterprise stakeholders to ensure CIS security compliance
• Collaborate on projects and initiatives
• Participate in CIS forums and discussions.

Essential Skills Experience and Certifications

• Bachelors or Masters Degree in Cybersecurity Information Technology Computer Science Risk Management or a related field.
• Minimum of 5 years of experience in information security risk management or IT audit roles.
• Experience and knowledge in cyber security frameworks.
• Experience and knowledge in cybersecurity audit reports analysis.
• In-depth understanding of cybersecurity technologies and tools.
• Strong ability to communicate complex security issues to both technical and non-technical audiences.
• Proficiency in managing and coordinating demonstrating skills in team building and guidance.
• Preparing and delivering presentations to stakeholders in different forums.
• Ability to engage with technical teams comprehend challenges and provide informed guidance.
• Skilled in planning executing and overseeing technical CIS activities.
• Experience and knowledge in level of effort estimation to remediate the findings of an audit.
• Experience and knowledge in coordinating remediation and/or mitigation activities.
• Experience and knowledge on drafting remediation plans and maintaining them.
• Strong analytical skills to assess technical issues identify root causes and implement effective solutions.
• General experience on complex enterprise networks with multiple stakeholders and a diverse user community.
• General experience in all lifecycle aspects of Communication Information Systems (CIS) aimed at achieving effective system development and deployment.
• Sound technical knowledge on wide area networks and local area networks.
• Experience in developing technical policy level documents; in CIS and in services management.

Desirable Skills Experience and Certifications

• Previous work experience in international organizations such as NATO or specialized Defence Industry
• Knowledge of NATO CIS Security Policy Directive and Guidance Knowledge of NATO CIS Security Accreditation Process
• ITIL Certification
• Project Management certification.

Working Location

• Brussels Belgium

Working Policy

• Hybrid (There is a possibility to work 1 day per week teleworking from Belgium.)

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance