The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.
The Office of the NATO CIO (OCIO) has an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.
The Enterprise Security Branch (ESec) maintains Enterprise oversight on cybersecurity and enables awareness on specific risks, processes and incidents. It supports the NATO CIO in managing cybersecurity risks and incidents at Enterprise level, and advises on and supports the decision-making process for identifying the Enterprise risk appetite and risk acceptance for Communications and Information Systems (CIS) Security. The Branch executes functions deriving from the NATO CIO Enterprise risk owner and top-level incident manager roles for cybersecurity, by coordinating incident response, business impact analysis, risk mitigation, mid- to long-term mitigation measures and lessons-identified definition. The Branch also maintains relations with key Enterprise military and civilian stakeholders at strategic, operational, tactical and technical levels.
The Security Processes Section (SPS) is responsible for ensuring correct support and representation in its role of Enterprise incident manager before multiple relevant NATO cyberspace stakeholders. The section is also responsible for providing liaison to network security, threat analysis and advanced technical operations in support of the defence of NATO Enterprise Networks, services and capabilities.
The incumbent performs continuous cybersecurity posture monitoring, conducts NATO Enterprise cybersecurity data analytics, and builds Enterprise cybersecurity situational awareness in support of all associated Enterprise cybersecurity processes, including cyber incident management, risk management, and defensive cyberspace operations. They perform data and trend analysis over time to help generate statistics on relevant Enterprise cybersecurity measures, including key performance indicators. They provide continuous and accurate monitoring of cybersecurity alerts, events and incidents, relevant technical information, and the results of security risk assessments, vulnerability assessments and security audits. The incumbent advises on the toolset required to maintain a timely and accurate oversight of the cybersecurity posture and also manages the Enterprise cyber threat intelligence feeds, in coordination with the NATO Enterprise stakeholders.
2. QUALIFICATIONS AND EXPERIENCE
ESSENTIAL
The incumbent must:
DESIRABLE
The following are considered an advantage:
3. MAIN ACCOUNTABILITIES
Contribute to the development of policy, directive and guidance documents in the OCIO areas of responsibility as per their area of expertise. Develop high-level strategic documents and advice to improve network security monitoring and support the Enterprise incident management processes and procedures.
Expertise Development
Maintain and update an Enterprise-wide overview on cybersecurity posture of Enterprise networks and supporting capabilities to advise the role of CIO as Single Point of Authority for the Enterprise CIS. Based on the latest security assessments and developments in cybersecurity threats, propose improvements of security mechanisms with focus on network protection, monitoring and secure management, gathering ideas and lessons learned from other NATO experts across the Enterprise. Conduct trend analysis in support of incident management, risk management and defensive cyberspace operations processes. Keep abreast of the latest technology developments in their area of responsibilities and provide appropriate advice to the Section Head on NATO enterprise networks cybersecurity posture. Support the provisioning of incident management advice and guidance to NATO Nations, NATO civil and military bodies and partner nations and international organizations. Provide advice on evolving security programs in NATO nations, NATO civilian and military bodies, and non-NATO entities.
Project Management
Support the definition of the section projects plan according to the OCIO role(s) in project management processes used in the NATO Enterprise. Identify main decision-makers and other stakeholders relevant for the project success, participate and contribute to project management boards as required. Maintain full understanding of project and program plans, identify and monitor project implementation risks, provide expertise and leadership in the resolution of exceptions and issues.
Stakeholder Management
Establish and maintain a network of relations with key experts in the NATO Enterprise, with a specific focus on Enterprise-wide network security. Develop close cooperation and working relationships with the NATO Operational community on the lifecycle of Enterprise security processes and practices, with a focus on network monitoring and management.
Knowledge Management
Draft background briefs and progress reports, and prepare presentations and other items for high-level meetings. Identify relevant incident management capabilities in place within the whole NATO Enterprise, in order to provide support and recommendations for harmonization and coherence. Contribute to information sharing with the relevant NATO bodies and Boards in support of Situational Awareness.
Financial Management
Provide Cybersecurity advice and guidance to NATO bodies, nations, civilian and military stakeholders on the development of the yearly program of work for network monitoring and cybersecurity activities, on the basis of identified threats and vulnerabilities for the Enterprise. Manage a predetermined budget for assigned projects.
Planning and Execution
Coordinate and assess cybersecurity measures involving Enterprise networks and their effectiveness under time-sensitive situations. Coordinate and develop mitigation and remediation actions in coordination with other members of the Risk Management Section to improve Enterprise network security posture.
Perform any other related duty as assigned.
4. INTERRELATIONSHIPS
The incumbent reports to the Head, Security Processes Section. They work in close cooperation with the OCIO members of staff, experts of the various NATO Entities and international organizations.
Direct reports: N/A
Indirect reports: N/A
5. COMPETENCIES
The incumbent must demonstrate:
7. USEFUL INFORMATION REGARDING APPLICATION AND RECRUITMENT PROCESS
Please note that we can only accept applications from nationals of NATO member countries. Applications must be submitted using the e-recruitment system, as applicable:
Before you apply to any position, we encourage you to click here and watch our video providing 6 tips to prepare you for your application and recruitment process.
Do you have questions on the application process in the system and are not sure how to proceed? Click here for a video containing the information you need to successfully submit your application on time.
More information about the recruitment process and conditions of employment can be found at our website (http://www.nato.int/cps/en/natolive/recruit-hq-e.htm).
Appointment will be subject to receipt of a security clearance (provided by the national Authorities of the selected candidate), approval of the candidate’s medical file by the NATO Medical Adviser, verification of your study(ies) and work experience, and the successful completion of the accreditation and notification process by the relevant authorities.
NATO will not accept any phase of the recruitment and selection prepared, in whole or in part, by means of generative artificial-intelligence (AI) tools, including and without limitation to chatbots, such as Chat Generative Pre-trained Transformer (Chat GPT), or other language generating tools. NATO reserves the right to screen applications to identify the use of such tools. All applications prepared, in whole or in part, by means of such generative or creative AI applications may be rejected without further consideration at NATO’s sole discretion, and NATO reserves the right to take further steps in such cases as appropriate.