Officer, Cyber Resilience

Primary Location

Belgium-Brussels

NATO Body

NATO International Staff (NATO IS)

Schedule

Full-time

Application Deadline

27-Jan-2025, 12:59:00 AM

Salary (Pay Basis)

7,504.44

Grade

NATO Grade G17

'PENDING BUDGET APPROVAL'

• SUMMARY
  
  
  

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across the NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services considering the implications of independent initiatives on the Enterprise.

The NATO CIO Office is an integrated staff organization comprising members of the International Staff (IS) and the International Military Staff (IMS).

The Enterprise Security Branch (ESB) maintains Enterprise oversight on cyber security and enables cyber awareness by interfacing with the main NATO cybersecurity entities. It supports the CIO in managing cybersecurity risks and incidents at Enterprise level, advises and supports the decision-making process for setting the Enterprise risk appetite and risk acceptance for CIS Security. In particular, the Branch supports the CIO’s role of Enterprise risk owner and Enterprise incident manager for cybersecurity, coordinating immediate response, business impact analysis, risk mitigation, mid- to long-term mitigation measures and lessons-identified definition.

The Enterprise Risk Management Section (ESRM) is responsible for ensuring the execution of the Enterprise CIS Operational Authority (CISOA) role across NATO, adopting a modern and effective risk management methodology, driving activities of other Enterprise cybersecurity processes (Incident Management and Defensive Cyberspace Operations (DCO)). The Section also offers support to accreditation efforts for NATO CISs at Enterprise Level, including the coordination of auditing activities, provision of Cryptographic support, Personal Data Protection policy changes for the Enterprise.

The incumbent is responsible for building resilience and supporting the three Enterprise cybersecurity processes (Risk Management, Incident Management and Defensive Cyber Operations), as well as supporting to enhance\innovate the capacity of these processes whenever dictated by resources constraints. The incumbent also takes the role, when required, of Risk Manager in support of risk-driven activities (such as Incident Management and DCOs), and the development of analyses and assessments which are instrumental for risk-based decision-making of the CIO as Single Point of Authority (SPA) of NATO Cybersecurity.

• QUALIFICATIONS AND EXPERIENCE
  
  
  

Essential

The incumbent must:

• possess a degree from a university or from an institute of recognised standing preferably in ICT or related discipline ;
• have at least 3 years of experience in the Cybersecurity field, preferably in large international organizations;
• have demonstrated experience in Risk Management-related activities, preferably in support of different cybersecurity processes such as Incident Management, Risk Management or Cyber Operations;
• have strong written and oral communication skills, including the ability to draft documents and presentations for a senior audience;
• possess knowledge and experience in coordinating with multiple stakeholders in large, decentralized and multi-cultural organizations ;
• possess a good knowledge of the principles, policy and procedures governing cyber defence;
• have the ability to draft clear and concise reports, produce and maintain security and risks’ logs and databases in support of security activities;
• demonstrate sound political judgement;
• have experience in writing speeches and speaking notes for senior officials;
• have competencies with off-the-shelf MS software (e.g. MS Excel, Word, Outlook, SharePoint and PowerPoint);
• possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other;
• be flexible to work outside of normal office hours and travel when required.
  
  
  

DESIRABLE

The following would be considered an advantage:

• knowledge and experience in supporting the activities of Defensive Cyberspace Operations;
• knowledge of the NATO organization and its cybersecurity policy and supporting directives .
• MAIN ACCOUNTABILITIES
  
  
  

Planning and Execution

Prepare, plan and organise the Board of CIS Operational Authorities (BCISOA), Cyber Risk Management Group (CRMG)’s meetings. Draft, coordinate and distribute agendas, share the documents and presentations with the stakeholders across the NATO Enterprise, and draft the minutes of the meetings. Augment the Risk Management activities in support of Risk-based decision making of the Enterprise CISOA, the execution of Incident Management and Defensive Cyber Operations. Support the development of High-Level risk assessments instrumental for risk-based decisions within the three cybersecurity processes (RM, IM and DCOs) , collecting and analyzing all available technical information and resources, acting as “Risk Management SME” in the execution of various risk management activities. Provide risk-based assessments and recommendations to facilitate HOTO between IM and DCOs processes with Risk Management and act as Risk Management SME in the execution of the abovementioned cybersecurity processes as resilience-building mechanism.

Knowledge Management

Organize, administrate and directly contribute to the sharing and distributing of information and knowledge within the office and with stakeholders across the NATO Enterprise, using tools such as MS SharePoint, MS Outlook, and the tasker tracker systems. Draft memoranda and cover letters to documents. On the basis of briefings, discussions and investigations, assess the security programs in place in NATO nations, NATO civil and military bodies, and non-NATO nations / international organizations. Develop and maintain a log of the non-accredited systems and assess the status of the accreditation process at Enterprise level, possibly making suggestions and plans to improve it. In cooperation with OCIO staff and points of contacts across the NATO Enterprise, develop and enhance knowledge related to sharing and distributing information. Maintain an effective follow-up and/or reminder system for pending actions. Control the quality, quantity and relevance of input to the knowledge management systems. Draft speeches and speaking notes for senior officials. Type and format all kinds of documents, using the standard software packages used by NATO (MS Word, Excel, and PowerPoint).

Stakeholder Management

Interact with high-level Boards to facilitate risk-informed decisions. Write comprehensive reports for the use of responsible national and/or security authorities. Coordinate activities in support of the work of decision-making Boards. Liaise and cooperate with the NATO Enterprise entities points of contact (International Staff, International Military Staff, Agencies and other NATO bodies) with regard to meetings’ planning, preparation and running. Develop contacts and cooperation in support of the conduct of the BCISOA and CRMG activities. Maintain accurate lists of stakeholders for information exchange. Clarify and contribute to stakeholders' expectations. Represent the CIO across different Boards, Groups and Committees, including the NATO CIS Security Accreditation Board (NSAB), the Senior Executive Group (SEG), the Cyber Defense Committee (CDC), as well as working groups, including the BCISOA Working Group and the Cyber Risk Management Group as directed by the Head

Expertise Development

Contribute to enhancing processes and procedures that improve the overall functioning of the NATO Enterprise. Maintain and apply expertise regarding the initiatives tracked via the BCISOA and CRMG and other committees they support. Provide Cybersecurity advice and guidance to the section head, on the basis of the performance of the three cybersecurity processes, perceived threats, current resources status and vulnerabilities for the Enterprise. Prepare advice to the OCIO management regarding their participation and contribution to the respective meetings.

Project Management

Oversee and monitor the execution of assigned projects in support of the OCIO goals and objectives and provide specialist input where required.

Perform any other related duty as assigned.

• INTERRELATIONSHIPS
  
  
  

The incumbent reports to the Section Head, Enterprise Risk Management. The incumbent deals with senior government and military personnel in NATO and partner nations, NATO civil and military bodies, and non-NATO nations and organizations.

Direct reports: N/a

Indirect reports: N/a

• COMPETENCIES
  
  
  

The incumbent must demonstrate:

• Analytical Thinking: Sees multiple relationships;
• Flexibility: Adapts to unforeseen situations;
• Impact and Influence: Takes multiple actions to persuade;
• Initiative: Is decisive in a time-sensitive situation;
• Organizational Awareness: Understands organisational climate and culture;
• Teamwork: Cooperates.
  
  
  

6. CONTRACT

Contract to be offered to the successful applicant (if non-seconded): Definite duration contract of three years; possibility of renewal for up to three years, during which the incumbent may apply for conversion to an indefinite duration contract.

Contract clause applicable:

In accordance with the contract policy, this is a post in which turnover is desirable for political reasons in order to be able to accommodate the Organisation's need to carry out its tasks as mandated by the Nations in a changing environment, for example by maintaining the flexibility necessary to shape the Organisation's skills profile, and to ensure appropriate international diversity.

The maximum period of service foreseen in this post is 6 years. The successful applicant will be offered a 3-year definite duration contract, which may be renewed for a further period of up to 3 years. However, according to the procedure described in the contract policy the incumbent may apply for conversion to an indefinite contract during the period of renewal and no later than one year before the end of contract.

If the successful applicant is seconded from the national administration of one of NATO’s member States, a 3-year definite duration contract will be offered, which may be renewed for a further period of up to 3 years subject also to the agreement of the national authority concerned. The maximum period of service in the post as a seconded staff member is six years.

Serving staff will be offered a contract in accordance with the NATO Civilian Personnel Régulations.

• USEFUL INFORMATION REGARDING APPLICATION AND RECRUITMENT PROCESS
  
  
  

Please note that we can only accept applications from nationals of NATO member countries. Applications must be submitted using e-recruitment system, as applicable:

• For NATO civilian staff members only: please apply via the internal recruitment portal ( link );
• For all other applications: www.nato.int/recruitment
  
  
  

Before you apply to any position, we encourage you to click here and watch our video providing 6 tips to prepare you for your application and recruitment process.

Do you have questions on the application process in the system and not sure how to proceed? Click here for a video containing the information you need to successfully submit your application on time.

More information about the recruitment process and conditions of employment, can be found at our website (http://www.nato.int/cps/en/natolive/recruit-hq-e.htm)

Appointment will be subject to receipt of a security clearance (provided by the national Authorities of the selected candidate), approval of the candidate’s medical file by the NATO Medical Adviser, verification of your study(ies) and work experience, and the successful completion of the accreditation and notification process by the relevant authorities.

NATO will not accept any phase of the recruitment and selection prepared, in whole or in part, by means of generative artificial-intelligence (AI) tools, including and without limitation to chatbots, such as Chat Generative Pre-trained Transformer (Chat GPT), or other language generating tools. NATO reserves the right to screen applications to identify the use of such tools. All applications prepared, in whole or in part, by means of such generative or creative AI applications may be rejected without further consideration at NATO’s sole discretion, and NATO reserves the right to take further steps in such cases as appropriate.

• ADDITIONAL INFORMATION
  
  
  

NATO is committed to diversity and inclusion, and strives to provide equal access to employment, advancement and retention, independent of gender, age, nationality, ethnic origin, religion or belief, cultural background, sexual orientation, and disability. NATO welcomes applications of nationals from all member Nations, and strongly encourages women to apply.

Building Integrity is a key element of NATO’s core tasks. As an employer, NATO values commitment to the principles of integrity, transparency and accountability in accordance with international norms and practices established for the defence and related security sector. Selected candidates are expected to be role models of integrity, and to promote good governance through ongoing efforts in their work.

Due to the broad interest in NATO and the large number of potential candidates, telephone or e-mail enquiries cannot be dealt with.

Applicants who are not successful in this competition may be offered an appointment to another post of a similar nature, albeit at the same or a lower grade, provided they meet the necessary requirements.

The nature of this position may require the staff member at times to be called upon to travel for work and/or to work outside normal office hours.

The organization offers several work-life policies including Teleworking and Flexible Working arrangements (Flexitime) subject to business requirements.

Please note that the International Staff at NATO Headquarters in Brussels, Belgium is a non-smoking environment.

For information about the NATO Single Salary Scale (Grading, Allowances, etc.) please visit our website . Detailed data is available under the Salary and Benefits tab.