Deadline Date: Monday 23 January 2023
Requirement: Enterprise Risk Management Supporting Officer
Location: Brussels, BE
Full time on-site: Yes
NATO Grade: A3/G17/88
Total Scope of the request (hours): 1672
Required Start Date: As soon as possible, but no later than 23 February 2023
End Contract Date: 31 December 2023
Required Security Clearance: NATO SECRET
Annex A – Special Terms and Conditions
The contractor will be responsible for complying with the respective national requirements for working permits, visas, taxes, social security etc. whilst working on site at NATO HQ Brussels, Belgium.
No special status is either conferred or implied by the host organisation, NATO HQ Brussels, Belgium to the contractor whilst working on-site.
The contractor will be responsible for complying with all the respective National Health COVID-19 regulations in Belgium before taking up the position.
NATO is undergoing a major adaptation of its overall approach to cybersecurity. As part of its mandate, the NATO Chief Information Officer (CIO) is overseeing the coherence of the NATO Enterprise ICT (Information Communication Technology) capabilities and services and is the single point of authority (SPA) for cybersecurity. The NATO CIO is responsible for developing and implementing a cybersecurity strategy through a comprehensive cyber adaptation programme. This includes significant interaction with executive stakeholders, both military and civilian, required to oversee the NATO Enterprise coherence and cybersecurity efforts.
As part of its mandate, the Office of the NATO CIO (OCIO) needs to execute and enforce the role of SPA for cybersecurity, which includes the assessment of the Enterprise Surface of Attack and the management of eventual cybersecurity risks stemming from NATO CIS and assets.
Within this framework, the OCIO has developed a series of projects to support the Enterprise ICT coherence and cybersecurity, developing and refining the Enterprise Risk Management processes and tools.
The aim is to use a deeper integration of existing cyber-related processes (e.g. Accreditation, Threat Assessment, Capability Development etc.) into the Risk Management Process and Framework to improve the baseline level of support to existing Cyber Risk Management enabling tools (e.g. Registries, assessment tools, up-to-date maps).
In this context, the support to the Board of CISOA portal and to the risk management process of the various NATO CIS Operational Authorities Enterprise-wide is essential. The OCIO aims at better integrating the functionalities of the Enterprise Risk Management tool prototype (portal) and further improving coherence, information sharing and Situational Awareness in the area of risk management in support of the OCIO’s role of main NATO Enterprise Risk Owner.
The contractor will effectively and efficiently provide, with minimal supervision, the following services, with a special focus on cybersecurity risk management:
2.1 Expand the functionalities of the Enterprise Risk Management tool prototype (portal) supporting the Cyber Risk Management enabling tools (e.g. Registries, assessment tools, up-to-date maps). The portal is used as a baseline to include additional features in support of the accreditation process, coordinated with all recognised Security Accreditation Process Stakeholders (SAAs, CISOAs, CISPs and CISPIAs) by the OCIO itself.
o Measurement: The NATO CIO's satisfaction with the degree of support provided in managing and supporting the Cyber Risk Management enabling tools (e.g. Registries, assessment tools, up-to-date maps).
2.2 Support the integration of existing cyber-related processes (e.g. Accreditation, Threat Assessment, Capability Development etc.) into the Risk Management Process and Framework, by integrating and feeding the necessary inputs.
o Measurement: The degree and quality of support in the development of Risk Management Process and Framework, taking into consideration existing risks and methodologies.
2.3 Develop and coordinate the work to support the ‘Board of CISOA portal’ and to improve and facilitate the risk management process of the various NATO CIS Operational Authorities, Enterprise-wide, including CISOAs able to operate prioritization of CIS and services.
o Measurement: The degree and quality of support to the BCISOA portal and the improvement in the risk management process as a consequence of said support.
2.4 Improve coherence, information sharing and situational awareness in the area of risk management in support of the OCIO role of main NATO Enterprise Risk Owner.
o Measurement: The degree and quality of support to information sharing and situational awareness over Enterprise risk status in support of the decision-making function of the ECISOA.
3. LOCATION OF DUTY
The work will be executed primarily on site at the NATO HQ offices in Brussels, Belgium. Frequent travel or short deployments to NATO Command Structure bodies would be required. Due to the nature of the work, minimal teleworking can be foreseen.
The services of the contractor are required for the period starting 23 February 2023 until 31 December 2023.
5. SPECIFIC WORKING CONDITIONS
Secure environment with standard working hours. Occasional non-standard hours may be required in support of the NATO Chief Information Officer urgent tasks.
Occasional business travel may be required. Travel expenses to be reimbursed to the individual directly (in addition to the hourly rate) under NATO rules.
7. SECURITY AND NON-DISCLOSURE AGREEMENT
The contractor must be in possession or capable of possessing a security clearance of NATO SECRET.
A signed Non-Disclosure Agreement will be required.