Deadline Date: Friday 29 November 2024
Requirement: Provision of CIS Security Officer (Security Compliance and Audits)
Location: Brussels, BELGIUM
Full-Time On-Site: Yes
Time On-Site: 100%
Not to Exceed: 2025 BASE: NTE/ sprint 3,060 EUR (46 sprints, total NTE 140,760 EUR)
Number of sprints is calculated considering a starting date of 02 JAN 2025. This will be adjusted based on the actual starting date.
2026 and 2027 Options: Up to a maximum of 46 sprints per year (price per sprint will be determined by applying the price adjustment).
Period of Performance: 2025 BASE: As soon as possible, not later than 6th January 2025 (tentative) – 31st December 2025, with the possibility of the following options:
• 2026 Option: 1st January 2026 until 31st December 2026
• 2027 Option: 1st January 2027 until 31st December 2027
Required Security Clearance: NATO Secret
Introduction:
NCIA – Coherence Branch
Within the Agency, CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.
The Coherence (COH) Branch supports the Agency’s Demand Management (DM) organization, is responsible for liaison with all customers in the CSU’s AoR, supports the Commander CSU in his/her role as NCIA representative, and provides a single entry point for customers. Service Management Branch (SMB) contributes to and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements concerning Service Provision, Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.
NCIA – Service Design and CIS Security
Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance, risk assessment, risk management and security architecture services.
The services under this SOW have to be delivered by a resource with qualifications and experience as a CIS Security Officer (Security Compliance and Audits). The resource will provide services related to the main activities described in the Scope of Work section below, under the direction of the Head, Service Design and CIS Security (SDCS) team.
Objective:
The main objectives of this statement of work can be summarized as follows:
* Organize, coordinate and perform CIS security compliance and verification activities;
* Support CIS security accreditation activities and remediation tasks;
* Support and participate in high-level, multi-stakeholder CIS security related meetings and forums.
Scope of Work:
Under the direction / guidance of the CIS Security Manager, the services provided will support the following activities:
* CIS Security Services
o Coordinate system vulnerability assessments to identify weaknesses in security posture.
o Analyse Cyber Security Hygiene Indicators report and prioritize remediation activities.
o Ensure proper security testing protocols are in place before any system upgrades or changes.
o Maintain documentation and evidence for all security tests performed on NATO HQ CIS.
o Collaborate with stakeholders to define security accreditation requirements.
o Review and update accreditation documentation for compliance with NATO policies and directives.
o Coordinate and plan security audits to ensure systems adhere to NATO security accreditation standards.
o Prepare audit reports with detailed findings and corrective action recommendations.
o Oversee follow-up actions post-audit to ensure implementation of security improvements.
o Track remediation progress for security vulnerabilities discovered during audits.
o Perform post-accreditation monitoring to ensure continued compliance.
o Review security incident reports and incorporate findings into future audit cycles.
o Provide expertise in the design and analysis of CIS architectures, equipment, and system technical specifications, including security-related requirements.
o Engage with relevant NATO HQ bodies, NCIA bodies, and others on network and application system issues affecting CIS operation and maintenance, including staging, pre-production, and production environments.
o Coordinate and support the design, planning, and testing of network infrastructures and related applications and data, including security aspects.
o Coordinate discussions and the elaboration of technical and security details for required solutions, in close coordination with Subject Matter Experts (SMEs).
o Prepare written technical documentation throughout the planning and implementation of CIS initiatives.
o Work in close coordination with the NHQ CIS Security Officer(s) in the NATO Office of Security.
o Represent the Service Design & CIS Security (SDCS) Team in appropriate meetings and working groups.
o Report to the Service Design & CIS Security (SDCS) Team Head.
o Perform any other duties as required.
* Continuous Improvement:
o Identify areas for improvement in documentation and processes.
o Proactively identify potential vulnerabilities and coordinate preventive measures.
o Contribute to the knowledge base for SDCS team.
o Ensure information is accurate and up-to-date.
* Collaboration with IT Teams:
o Work closely with other CSU Brussels IT teams and other NHQ/NCIA/Enterprise stakeholders to ensure CIS security compliance.
o Collaborate on projects and initiatives.
o Participate in CIS forums and discussions.
o It is expected that ONE resource is providing the above services.
o The contractor will provide the service on-site, with the possibility of teleworking from Belgium 1 day per week, providing services during NATO HQ working hours.
o The measurement of execution for this service is sprints, with each sprint planned for a duration of 1 week.
o The content and scope of each sprint will be agreed in writing, during the sprint-planning meeting, based on the activities mentioned above.
Coordination and Reporting:
The contractor shall participate in weekly status update meetings, activity planning and other meetings as instructed, physically in the office or remotely via electronic means using Conference Call capabilities, according to the Team Leader's instructions.
For each sprint to be considered complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in writing within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact briefly describing the services provided and the achievements during the sprint.
Schedule:
This task order will be active immediately after signing of the contract by both parties.
It is expected that the service starts as soon as possible but no later than 6th January 2025 and ends no later than 31st December 2025.
If the 2026 option is exercised, the period of performance is 1st January 2026 to 31st December 2026.
If the 2027 option is exercised, the period of performance is 1st January 2027 to 31st December 2027.
Constraints:
All the deliverables provided under this statement of work will be based on NCIA templates or agreed with the project point of contact.
Security:
The services provided by the proposed resource require a valid NATO SECRET security clearance.
Practical Arrangements:
The contractor will be required to provide the service primarily on-site at NATO Headquarters – Brussels – Belgium as part of this engagement. There is a possibility to work 1 day per week teleworking from Belgium.
Services under this SOW must be accomplished by ONE contractor.
The resource providing services under this SOW will be part of the NCIA Service Delivery and CIS Security (SD&CS) team.
No travel is expected. However, if required during the execution of this contract, travel costs are out of scope and will be borne by the NCI Agency separately in accordance with the provisions of the AAS+ Framework Contract.
Requirements:
Security:
* The services provided by the proposed resource require a valid NATO SECRET security clearance.
Qualifications:
The consultancy support for this service requires a CIS Security Officer (Security Compliance and Audits) with the following qualifications:
Essential qualifications
* University Degree and 3 years of function-related experience, or Higher Secondary Education and completed advanced vocational training leading to a professional qualification or professional accreditation with 4 years of post-related experience.
* Experience and knowledge in cyber security compliance testing and audits.
* Experience in vulnerability management, vulnerability assessment tools, cyber security hygiene and cyber security compliance frameworks.
* General experience in all lifecycle aspects of Communication Information Systems (CIS) aimed at achieving effective system development and deployment. Sound technical knowledge on wide area networks and local area networks.
* Proficiency in managing and coordinating, demonstrating skills in team building and guidance.
* Experience in the development and use of Information Technologies (e.g. servers, switches, web technologies, encryption equipment, etc.). This must include the range of activities involved in planning, organizing, coordinating, and assessing the CIS related activities to accomplish assigned functions and tasks.
* Detailed knowledge of CIS architectural design as applied to computer systems.
* Experience in developing technical policy-level documents, in CIS and in service management.
* Experience in implementing CIS security criteria and associated applications, assessing the effectiveness of security software, and resolving problems.
Desirable qualifications:
* Previous work experience in international organizations, such as NATO, or specialized Defence Industry;
* Knowledge of NATO CIS Security Policy, Directives and Guidance;
* ITIL Certification;
* Project Management certification.