1. SUMMARY

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.

The Office of the NATO CIO (OCIO) has an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.

The Enterprise Strategy Branch (EStrat) identifies, elicits and harmonizes NATO bodies’ ICT needs into a coherent set of Enterprise’s requirements. It supports the definition, evolution and implementation of a long-term Enterprise strategy for ICT management following NATO nations’ guidance. The branch develops and maintains the implementation strategies to meet business requirements while respecting the diverse funding processes and sources supporting the NATO Enterprise. The branch prepares the CIO’s engagement with senior NATO boards and committees, oversees Enterprise architectural developments, monitors ICT services provision performance and maintains oversight of large ongoing projects and programs.

The mission of the Enterprise Architecture Section (EAS) is to ensure coherence, security, interoperability and cost effectiveness of the current and future Information and Communications Technology (ICT) architecture while planning its long-term evolution to best support NATO Enterprise business requirements and customers. The Section works in close coordination with several NATO bodies, such as the Consultation, Command and Control Board (C3B), as the owner and maintainer of NATO Enterprise Architecture frameworks and methodologies, exercising a governance role, Allied Command Transformation, NATO Communication and Information Agency (NCI Agency), Emerging Security Challenges Division, and other relevant stakeholders across the NATO Enterprise. It also needs to be aligned with key NATO processes such as NATO Security Investment Programme (NSIP) and others as required, in order to support OCIO’s strategic management function.

The incumbent leads and coordinates the activities related to Security Architecture as part of the EAS, supporting the Section Head in establishing, maintaining and exploiting an Enterprise Architecture function from an ICT security perspective. This role also includes socializing the EAS initiatives within the Enterprise and representing the OCIO in various fora when required. In addition, the role interacts with Industry and academia in order to keep abreast of latest ICT services security evolutions and provides essential input to the NATO Enterprise ICT Service Strategy.

2. QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

• The incumbent must:
• hold a University degree from an institute of a recognised standing in ICT, computer science or cybersecurity;
• have a minimum of 3 years’ experience in business, information, application, technology and system architecture and integration, with practical experience (participation and/or advice) in projects on design and/or implementation of Communications and Information Services security;
• have extensive experience with IT risks, cybersecurity, services security techniques and auditing, open system architectures and technology evaluation (related security protocols, standards and technologies, including cryptography);
• have experience in project management;
• possess knowledge of the major cyber security industry players, their technical architectures and their commercial products;
• be able to contribute to a diverse team in a challenging multi-cultural and multi-national environment;
• possess expert level drafting skills, in particular the ability to present complex ICT security issues in simple terms;
• have excellent analytical and problem solving skills;
• be able  to prepare and deliver convincing presentations, and to present complex information technology issues in simple terms to non-technical audiences in order to facilitate consensus building and decision-making;
• have the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

DESIRABLE

The following are considered an advantage:

• market leading certifications for Enterprise IT and regulatory security standards & compliance frameworks (ISO27001, NIST, CIS, PCI-DSS, GDPR, OWASP, …);
• market leading certifications for Enterprise Architecture, such as TOGAF;
• market leading certification in IT Service Management, such as ITIL;
• understanding of new emerging cyber security concepts such as Zero Trust,  SASE, XDR, CASB and DevSecOps;
• experience in operating within both on-premise and cloud-based environments
• experience with large, international organisations and a good knowledge of their methods of work and practices.

3. MAIN ACCOUNTABILITIES

Project Management

Lead the development of Security Architecture products and artefacts within the OCIO by following the Office strategic goals and other guidance set by NATO senior governance committees, including North Atlantic Council (NAC) and Military Committee (MC) endorsed strategies, C3 Board endorsed NATO EA Policies, and agreed EA directives. Lead and coordinate internal and external Security Architecture resources, including NATO and industry teams.  Support the section projects plan according to the OCIO role(s) in project management processes used in the NATO Enterprise. Identify main decision-makers and other stakeholders relevant for the project success, participate and contribute to project management boards as required. Maintain control of project and program plans, identify and monitor project implementation risks, provide expertise and leadership in the resolution of exceptions and issues. Establish and maintain a network with key project leaders in the NATO Enterprise, with a specific focus on ICT and Cybersecurity projects.

Policy Development

Contribute to the development of policy, directive and guidance documents in the OCIO areas of responsibility. Develop strategic documents and advice to improve Enterprise Architecture policy related to key areas of the NATO Enterprise ICT, such as Cloud Computing, Artificial Intelligence, Data Analytics, edge computing, mobile devices integration and cybersecurity.

Expertise Development

Support the Section Head in managing the definition, formalization, implementation and monitoring of an ICT services strategy through the definition of Security Architecture artefacts. Support the NATO CIO coherence role, through an oversight of the NATO Security Architecture, in close coordination with all relevant NATO civil and military bodies. Provide Security Architecture advice and guidance to the Section Head, NATO Nations, NATO civil and military bodies and partner nations and international organizations. Develop point papers and other deliverables in support of the Section Head role for Enterprise Architecture making. Develop OCIO knowledge and practices in the field of Enterprise Architectures, acting as a key reference for the IT Security domain in the NATO Enterprise. Keep abreast with the latest technology developments in their area of responsibilities and provide appropriate advice.

Stakeholder Management

Engage and coordinate with all relevant NATO Enterprise stakeholders, ensuring a broad collaboration during the development of policies, directives, guidance, implementation plans, standards and best practices. Closely coordinate with staff working on the IT security and cybersecurity issues across the NATO enterprise. Engage with Industry and Academia in the post’s domain of expertise, as required. Develop close cooperation and working relationships with stakeholders, including the C3B, the Agencies Supervisory Boards, the Military Committee, the Resource Planning and Policy Board, and other relevant senior policy committees and boards, in accordance with the evolution of the OCIO responsibilities and available resources. Represent and speak on behalf of the Section Head in committees, panels or working groups industry and academia on matters pertaining to the post’s domain of expertise. Act as the focal point on those matters.

Knowledge Management

Assess the Security Architecture programs in place in NATO nations, NATO civil and military bodies, and non-NATO nations / international organizations, in order to provide support and recommendations, becoming a point of reference for the NATO Enterprise IT Security architectural approach. Draft background briefs, progress reports, prepare presentations, and other items for high-level meetings.

Planning and Execution

Determine input to the EAS work plans and manage the implementation of the section tasks to achieve section objectives.

Financial Management

Provide inputs to the OCIO budget / Programme of Work. Maintain an overview of assigned budgets, their execution and reporting.

Perform any other related duty as assigned.

4. INTERRELATIONSHIPS

The incumbent reports to the Head, Enterprise Architecture. They work in close cooperation with the OCIO members of staff as well with experts of the various NATO Entities, Industry and Academia. 

Direct reports: N/A

Indirect reports: N/A

5. COMPETENCIES

The incumbent must demonstrate:

• Analytical Thinking: Sees multiple relationships;
• Flexibility: Adapts to unforeseen situations;
• Impact and Influence: Takes multiple actions to persuade;
• Initiative: Is decisive in a time-sensitive situation;
• Organizational Awareness: Understands organisational climate and culture;
• Teamwork: Cooperates.