1. SUMMARY

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.

The Office of the NATO CIO (OCIO) has an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.

The Enterprise Security Branch (ESec) maintains Enterprise oversight on cybersecurity and enables awareness on specific risks, processes and incidents. It supports the NATO CIO in managing cybersecurity risks and incidents at Enterprise level, advises and supports the decision-making process for identifying the Enterprise risk appetite and risk acceptance for Communications and Information Systems (CIS) Security. The Branch executes functions deriving from the NATO CIO Enterprise risk owner and top-level incident manager roles for cybersecurity, by coordinating incident response, business impact analysis, risk mitigation, mid- to long- term mitigation measures and lessons-identified definition. The Branch also maintains relations with key Enterprise military and civilian stakeholders at strategic, operational, tactical and technical levels.

The Security Processes Section (SPS) is responsible for ensuring correct support and representation in its role of Enterprise incident manager in front of multiple NATO relevant cyberspace stakeholders. The section is also responsible to provide liaison to network security, threats analysis and advanced technical operations in support of the defence of NATO Enterprise Networks, services and capabilities.

The incumbent performs continuous cybersecurity posture monitoring, conducts NATO Enterprise cybersecurity data analytics, and builds Enterprise cybersecurity situational awareness in support to all associated Enterprise cybersecurity processes, including cyber incident management, risk management, and defensive cyberspace operations. They perform data and trend analysis over time to help generate statistics on relevant Enterprise cybersecurity measures, including key performance indicators. They provide continuous and accurate monitoring of cybersecurity alerts, events and incidents, relevant technical information, and the results of security risks assessments, vulnerability assessments and security audits. The incumbent advises on the toolset required to maintain a timely and accurate oversight of the cybersecurity posture and also manages the Enterprise cyber threat intelligence feeds, in coordination with the NATO Enterprise stakeholders.

2. QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

The incumbent must:

• have a university degree, or an equivalent level of qualification from an institute of recognised standing, in ICT or a cyber-security related discipline;
• have at least 3 years of experience in cybersecurity with focus on network monitoring and situational awareness, and cybersecurity data analytics, preferably in a large organisation;
• have experience in supporting the design, implementation and management of  network security monitoring capabilities in  large distributed IT environment, including collection, correlation, aggregation and analysis of secure data and events;
• have experience in the generation, provision and long-term assessment of cybersecurity recommendations and guidance originating from incidents happening in and through cyberspace and/or evidences coming from the threat analysis;
• have knowledge and experience in trend analysis and advanced technical operations in support of the defence of large Enterprise Networks;
• have experience developing cybersecurity dashboards, correlating information from multiple sources;
• be experienced in coordinating multiple stakeholders in large, decentralized and multi-cultural organizations;
• possess an excellent knowledge of network and infrastructure security principles, along with best practices for implementing protective measures, monitoring and logging;
• have a good knowledge of the principles, policy and procedures governing cybersecurity;
• be able to draft clear and concise reports, produce and maintain security and risks logs and databases in support of cybersecurity activities;
• be flexible to work outside of normal office hours, during incident management activities, and travel when required;
• possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

DESIRABLE

The following are considered an advantage:

• cybersecurity certifications such as CISSP, CCSP, CISM or equivalent post-graduate degree in cybersecurity;
• experience with NATO’s cybersecurity environment, specifically in the CIS security field and related functions;
• experience in the monitoring and assessment of security audits’ results in support of the risk management processes of a large organization;
• experience in leading staff work on large and complex projects and to coordinate multiple stakeholders in different and separate locations;
• experience in incident and risk management tools;
• knowledge of the NATO organisation, its security policy and supporting directives.

3. MAIN ACCOUNTABILITIES

Policy Development

Contribute to the development of policy, directive and guidance documents in the OCIO areas of responsibility as per their area of expertise.  Develop high-level strategic documents and advice to improve network security monitoring and support the Enterprise incident management processes and procedures.

Expertise Development

Maintain and update an Enterprise-wide overview on cybersecurity posture of Enterprise networks and supporting capabilities to advice the role of CIO as Single Point of Authority for the Enterprise CIS. Based on the latest security assessments and developments in cybersecurity threats, propose improvements of  security mechanisms with focus on network protection, monitoring and secure management, gathering of ideas and lessons learned from other NATO experts across the Enterprise. Conduct trend analysis in support to incident management, risk management and defensive cyberspace operations processes. Keep abreast with the latest technology developments in their area of responsibilities and provide appropriate advice to the Section Head on NATO enterprise networks cybersecurity posture. Support the provisioning of incident management advice and guidance to NATO Nations, NATO civil and military bodies and partner nations and international organizations. Provide advice on evolving security programs in NATO nations, NATO civilian and military bodies, and non-NATO entities.

Project Management

Support the definition of the section projects plan according to the OCIO role(s) in project management processes used in the NATO Enterprise. Identify main decision-makers and other stakeholders relevant for the project success, participate and contribute to project management boards as required. Maintain full understanding of project and program plans, identify and monitor project implementation risks, provide expertise and leadership in the resolution of exceptions and issues.

Stakeholder Management

Establish and maintain a network of relations with key experts in the NATO Enterprise, with a specific focus on Enterprise-wide network security. Develop close cooperation and working relationships with the NATO Operational community on the lifecycle of Enterprise security processes and practices, with a focus on network monitoring and management.

Knowledge Management

Draft background briefs, progress reports, prepare presentations, and other items for high-level meetings. Identify relevant incident management capabilities in place within the whole NATO Enterprise, in order to provide support and recommendations for harmonization and coherence. Contributes to the information sharing with the relevant NATO bodies and Boards in support of Situational Awareness.

Financial Management

Provide Cybersecurity advice and guidance to NATO bodies, nations, civilian and military stakeholders on the development of the yearly program of work for network monitoring and cybersecurity activities, on the basis of identified threats and vulnerabilities for the Enterprise. Manage a predetermined budget for assigned projects.

Planning and Execution

Coordinate and assess cybersecurity measures involving Enterprise networks and their effectiveness under time-sensitive situations. Coordinate and develop mitigation and remediation actions in coordination with other members of the Risk Management Section to improve Enterprise network security posture.

Perform any other related duty as assigned.

4. INTERRELATIONSHIPS

The incumbent reports to the Head, Security Processes Section. They work in close cooperation with the OCIO members of staff, experts of the various NATO Entities and international organizations.  

Direct reports: N/A

Indirect reports: N/A

5. COMPETENCIES

The incumbent must demonstrate:

• Analytical Thinking: Sees multiple relationships;
• Flexibility: Adapts to unforeseen situations;
• Impact and Influence: Takes multiple actions to persuade;
• Initiative: Is decisive in a time-sensitive situation;
• Organizational Awareness: Understands organisational climate and culture;
• Teamwork: Cooperates.