Job Description
EXPERIENCE AND EDUCATION:
Essential Qualifications/Experience:
· Knowledge and multiyear experience in organisation, management and support of various (international) operations, activities, units and projects related to defence, security, electronics and communications, in national or NATO environments
· Good knowledge of cybersecurity audit and compliance concepts, processes and activities
· Good knowledge of the principles, policy and procedures governing cybersecurity, preferably in military and/or defence organizations
Desirable Qualifications/Experience:
· Previous experience with NATO cybersecurity audits, remediation plans and analysis of different cybersecurity audits’ reports
· Previous experience with the NATO cybersecurity and cyber risk-management environments, preferably with a degree of experience in operational activities
· Previous NATO experience in one or more cybersecurity fields, cyber defence, cyberspace operations, risk and incident management
DUTIES/ROLE:
· Support the daily risk-management activities of the Section conducted through the NATO Cyber Risk Management Group (CRMG) and the NATO Board of CISOA (BCISOA), to facilitate risk-informed decisions of the OCIO leadership
· Assist and coordinate the development, execution and oversight of the Enterprise Vulnerability Assessment Plan (EVAP)
· Support cybersecurity compliance activities, including the analysis of audit results, with a focus on root-cause factors and possible improvements
· Ensure that the NATO Enterprise cyberspace attack surface is constantly monitored and analysed through regular auditing activities, with results being promptly analysed and assessed in support of risk-informed decisions
· Coordinate and support risk-management activities and analysis in the context of Defensive Cyberspace Operations campaigns, directly coordinating plans and activities with the Enterprise Incident Management Team, and assessing and monitoring related results
· Assist and contribute to the development and/or updating of OCIO’s Directives
· Ensure that reports and products of the section are constantly refined through results of security audits conducted on the external attack surface of the NATO Enterprise and re-assessments of its security posture
· Provide support to various CIS-related activities, as directed by the Head of the Enterprise Risk Management Section
· Support the development of the OCIO’s annual High-Level Risk Assessment, in coordination with other officers and as directed by the Head of the Enterprise Risk Management Section
· Conduct ad-hoc activities as directed by the Head of the Enterprise Risk Management Section