Cyberspace Strategic Risk and Issue Manager
JOB DETAIL
1. POST CONTEXT
Supreme Headquarters Allied Powers Europe (SHAPE) provides an integrated Strategic Effects framework, employing a multi-domain and multi-region focus to create a 360-degree approach, with the flexibility to enable, upon direction, a seamless transition from Baseline Activities and Current Operations (BACO) up to the Maximum Level of Effort (MLE). SHAPE supports SACEUR in fulfilling his terms of reference, as directed by the North Atlantic Council.
The Cyberspace Directorate directs monitors and coordinates all Cyberspace Operations (CO), Electronic Warfare (EW), Electro Magnetic Spectrum (EMS) activity and Communications and Information Systems (CIS) functional area activities and staff functions across ACO.
The J6 Cyberspace Division provides the strategic staff functions for cyberspace aspects within ACO’s strategic direction, planning and risk management to support NATO-led operations, initiatives, exercises and activities.
The Cyberspace Strategic Plans and Policy Branch will provide military Subject Matter Expert (SME) advice, strategic direction and oversight of all cyberspace functional area activities across ACO.
This post is primarily involved in the formulation of NATO 2030 initiative cyberspace input to Military Advice, Policies, Doctrine and Plans (at the strategic level).
The incumbent will provide Cyberspace Strategic Risk and Issue management advice in support of its Cyber Security Risk and Issue Management and Risk Acceptance tasks, of the NATO Security Accreditation (SA) process and of the Cyber Risk Management Group (CRMG), to allow ACO CIS Operational Authority (CISOA) to take informed decisions in a coordinated manner regarding cybersecurity risks and issues.
2. PRINCIPAL DUTIES
The incumbent’s duties are:
1) Request and coordinate the inputs / requirements of the ACO CISOA community to establish priorities, to align efforts and to coordinate related efforts in regards to support requirements from NCIA (e.g. VAs), SA Authority (SAA) support, etc.
2) Present ACO related products / outcomes to the Enterprise board of CISOAs for relevant de-confliction, approval or further coordination efforts, as required.
3) Advise ACO CISOA (SHAPE ACOS J6 Cyberspace) on the conditions and limitations upon which a decision to accept (or not) the security risk and the consequences, and issue the Interim Approval to Operate for CIS when the security accreditation is not finalized and more time is required or when the operational needs dictate so.
4) Contribute to the ACO Strategic Risk & Issue Registry which will list all the identified ACO Strategic Cyber Risks & Issues, their mitigation measures and measurement, linked to the ASMP 2023-2027 ACO Cyberspace Strategic Objectives, Strategic Initiatives and organizational functions through the support of the ACO Strategic Management WG.
5) Coordinate and discuss with the Subordinate Commands the Strategic level Cyber Risks and Issues for inclusion into the ACO Strategic Cyber Risks & Issues registry or bring at Enterprise level.
6) Propose changes to the ACO Cyber Security Posture to contribute to the establishment and maintenance of the Cyber Security Posture Situational Awareness.
7) Assess, propose and prepare escalation of any risk and/or issue identified to belong to the Enterprise Level, and brings it to the CRMG via the ACO CISOA Advisory Board or as directed.
8) Review the CRMG topics, coordinate the appropriate actions, and advise the ACO CISOA accordingly.
9) Lead and direct effective coordination among the ACO CIS operational and security authorities for Cyber Risks and Issues, advising ACO CISOA to escalate the Risk and Issue to the Board of CISOA (BCISOA) if it is deemed appropriate.
10) Initiate the interaction with all ACO stakeholders for the determination of the residual cyber risk that should be considered as acceptable by the Security Accreditation Authority (SAA).
11) Identify the risk factors and accordingly the threats, the weaknesses and the vulnerabilities in the overall ACO security environment where the CIS systems are authorised to operate.
3. SPECIAL REQUIREMENTS AND ADDITIONAL DUTIES
The employee may be required to perform a similar range of duties elsewhere within the organisation at the same grade without there being any change to the contract
The work is normally performed in a Normal NATO office working environment.
Normal Working Conditions apply.
The risk of injury is categorised as: No risk / risk might increase when deployed
4. ESSENTIAL QUALIFICATIONS
1. Professional/Experience
1) Minimum of 5 years’ experience within military CIS delivery, CIS sustainment, cybersecurity, or cyber defense.
2) Minimum of 3 years’ experience in NATO or national CIS/Cyber security.
3) Knowledge of NATO risk management process
2. Education/Training
University Degree in information technology, information systems engineering, business administration, quality engineering or related discipline and 4 years post related experience, or Higher Secondary education and completed advanced vocational training in that discipline leading to a professional qualification or professional accreditation with 5 years post related and 2 years function related experience.
3. Language
English SLP 3333 (Listening, Speaking, Reading and Writing)
NOTE: The work both oral and written in this post and in this Headquarters as a whole is conducted mainly in English.
5. DESIRABLE QUALIFICATIONS
1. Professional/Experience
1) Experience within NATO CIS security
2) Experience within NATO Risks and Issues management process.
3) Experience with J2 functions (security accreditation/security assessment)
2. Education/Training
1) CIS Network Planner Course
2) Electronic Warfare Course
3) Project Management: Prince II or Project Management Professional (PMP) or internationally recognized equivalent.
4) Service Management: ITIL version 3 or internationally recognized equivalent.
5) CIS Security: CISSP or CISM or internationally recognized equivalent.
6. ATTRIBUTES/COMPETENCIES
1) Personal Attributes: Self-starter; Organised and skilled in documenting and expressing complex interoperability arrangements.
2) Professional Contacts: Maintains liaison with the NATO and ACO Cyberspace communities.
a. Provide advice to the Strategic Risk and Issue Assessment for Cyber inputs into the Strategic Management Working Group (SMWG) (including Cryptographic).
b. Provides representation to the Cyber Risk Management Group (CRMG) run by the Office of the Chief Information Office (OCIO).
c. Provides coordination with the ACO Security Accreditation Authority (SAA) regarding the assessment of Cyberspace elements SA and residual risk for ACO CISOA
d. Maintains coordination with the NATO 2030 task force.
e. Provides liaison with various NATO 2030 planning groups located within the C3B substructure.
3) Contribution To Objectives: As the NATO 2030 progressing activities are underway in ACO, the incumbent will have a key supporting role in liaising with the various bodies and groups ensuring Cyberspace risks and issues are effectively identified, assessed, and addressed at the strategic level allowing ACO to successfully advance in the path for digital transformation of NATO.
7. CONTRACT
The successful candidate will fill this post as a Project Related NATO International Civilian (PLN) with a three-year definite duration contract within the NATO 2030 Agenda. On expiry of this term the PLN will be deleted or absorbed into the ceiling pending approval or will exceptionally be considered for extension.
The salary will be the basic entry-level monthly salary defined by the NATO Grade of the post, which may be augmented by allowances based on the selected staff member’s eligibility, and which is subject to the withholding of approximately 20% for pension and medical insurance contributions.
Applicants who prove to be competent for the post but who are not successful in this competition may be offered an appointment in another post of a similar nature, which might become vacant in the near future, albeit at the same or lower grade, provided they meet the necessary requirements.
ADDITIONAL INFORMATION
Applications are to be submitted using NATO Talent Acquisition Platform (NTAP)(https://nato.taleo.net/careersection/2/jobsearch.ftl?lang-en) Applications submitted by other means (e.g. mail, e-mail, fax, etc) are not accepted.
More information to be found on these links:
NTAP allows adding attachments. A copy of the qualification/certificate covering the highest level of education required by the job description must be provided as an attachment.
Essential information must be included in the application form. Particular attention should be given to Education and Experience section of the application form. The application should be in English.
Shortlisted candidates will be requested to provide original documentary evidence and a set of copies supporting statements in their applications.
After submitting your application, you will receive an acknowledgement of receipt of your application.
Remarks:
A) Only nationals from the 31 NATO member states can apply for vacancies at SHAPE.
B) Applications are automatically acknowledged within one working day after submission. In the absence of an acknowledgement please make sure the submission process is completed, or, re-submit the application.
C) Candidates’ individual telephone, e-mail or telefax enquiries cannot be dealt with. All candidates will receive an answer indicating the outcome of their application.
