Social network you want to login/join with:
OCIO-0015 Enterprise Security Accreditation and (ECISOA) - TUE 8 Oct, Brussels
Client:
EMW
Location:
Brussels, BE
Job Category:
Other
EU work permit required:
Yes
Job Reference:
e19cabcf5e36
Job Views:
7
Posted:
23.03.2025
Expiry Date:
07.05.2025
Job Description:
Deadline Date: Tuesday 8 October 2024
Requirement: Enterprise Security Accreditation and ECISOA
Full Time On-Site: Yes
Time On-Site: 100%
Total Scope of the request (hours): 190
Required Start Date: 18 November 2024
End Contract Date: 31 December 2024
Required Security Clearance: NATO SECRET
Special Terms and Conditions: The contractor will be responsible for complying with the respective national requirements for working permits, visas, taxes, social security etc. whilst working on site at NATO HQ Brussels, Belgium.
The contractor will be responsible for complying with all the respective National Health COVID-19 regulations in Belgium before taking up the position.
1. INTRODUCTION
NATO is undergoing a major adaptation of its overall approach to cybersecurity. As part of its mandate, the NATO Chief Information Officer (CIO) is overseeing the coherence of the NATO Enterprise ICT capabilities and services and is the single point of authority for cybersecurity. The NATO CIO is responsible for developing and implementing a cybersecurity strategy through a comprehensive cyber adaptation effort.
As part of its mandate, the NATO Office of the CIO (OCIO) needs to execute and enforce the role of NATO Enterprise CIS Operational Authority (ECISOA) allowing the NATO CIO to perform its role of Enterprise Risk owner. The main goal is to ensure risks identified as part of supporting existing processes (security accreditation, incident management, etc.) are properly evaluated, operationally validated and formally accepted, keeping and maintaining an overall view on the global Enterprise security posture.
To support this effort, OCIO requires services that will leverage in-depth knowledge of Risk Management (Risk Assessment methodology, Processes and Best practices), to support the roles of ECISOA and the related risk management-supporting activities.
2. TASKS
The contractor will effectively and efficiently provide, with minimal supervision, the following services, with a special focus on cybersecurity risk management:
1. Support CIO in his role of Enterprise CISOA in the issuance of different decision-making-related documentation such as Authorizations to Operate (ATOs) and interim ATOs (iATO) for systems and Networks, as required.
2. Assess, verify risks and develop suggestions in support of the Enterprise Risk acceptance function of the CIO.
3. Support the development of Cybersecurity Risk Management Processes and Frameworks.
4. Maintain a Board of CISOA as a stable coordination framework between the various local CISOA among various HQs and Subordinate commands.
5. Support the activity of the Cyber Risk Management Group (CRMG).
6. Support the Enterprise CISOA in the development and execution of the accreditation process, for NATO CIS at Enterprise level.
7. Support and contribute to the process of policy changes related to CIS security and its management in coordination with the SAA and CISP.
3. PROFILE
* The candidate must have knowledge and multiyear experience in organization, management and support of various (international) operations related to defence, security, electronics and communications, in the NATO environments.
* The candidate must have previous experience within NATO CIS Operational Authority dealing with accreditation procedures, Risk Assessment and Crypto implementation.
* The candidate must have previous experience in developing contingency plans, mitigation measures and Authorization To Operate (ATO) and interim Authorizations to Operate (iATO).
* The job requires knowledge of the NATO Security Accreditation Processes and operational evaluation of CIS.
* The job requires experience with Risks assessment and Risk Management as applied to CIS Security and Cyber Security.
* Experience in supporting or driving Policy changes related to CIS security and its management.
* Knowledge in the development of Cybersecurity Risk Management Processes and Frameworks.
* The candidate must have experience in leading staff work on large and complex projects and to coordinate multiple stakeholders in different locations.
* The candidate must have a NATO SECRET security clearance.
* The candidate must have excellent English writing skills and the ability to brief their work in English.
4. LOCATION OF DUTY
The work will be executed primarily on site at the NATO HQ offices in Brussels, Belgium.
5. TIMELINES
The services of the contractor are required for the period starting at the earliest possible but not later than 18th November 2024 until 31th December, 2024.
6. SPECIFIC WORKING CONDITIONS
Secure environment with standard working hours. Occasional non-standard hours may be required in support of urgent tasks.
7. TRAVEL
Occasional business travel may be required. Travel expenses to be reimbursed under NATO rules.
8. SECURITY AND NON-DISCLOSURE AGREEMENT
The contractor must be in possession or capable of possessing a security clearance of NATO SECRET.
A signed Non-Disclosure Agreement will be required.
#J-18808-Ljbffr