North Atlantic Treaty Organization (NATO)

Staff Officer (Enterprise Security)

Job Description

1. SUMMARY

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across the NATO Enterprise’s 41 civil and military bodies and more than 25,000 users. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services considering the implications of independent initiatives on the Enterprise.

The NATO CIO Office is an integrated staff organization comprising members of the International Staff (IS) and the International Military Staff (IMS). The CIO Office is administratively linked to the Defence Investment (DI) Division; this may change in accordance with the evolution of the responsibilities and structure of the CIO Office.

The Enterprise Security Branch maintains Enterprise oversight on cyber security, enables cyber awareness, and continually improves the NATO Enterprise’s cyber hygiene and cyber defence in close coordination with all relevant NATO civil and military bodies. In particular, the branch supports the NATO CIO to perform the Communications and Information Systems Operational Authority (CISOA) role for the NATO Enterprise. The branch maintains the Enterprise Risk Register (addressing Enterprise residual risks) and coordinates its activity with all local CISOAs and security accreditation authorities (SAA) across the enterprise. The branch engages with the NATO cyber and security communities and supports the NATO PKI Management Authority (NPMA) activities.

S/he supports the NATO CIO’s CISOA role for the NATO Enterprise, through the development of advice and by maintaining awareness on the NATO Enterprise cyber issues. S/he maintains the Enterprise Risk Register and liaises with the local CISOAs and the appropriate entities at governance and management level.

2. QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

S/he must have:
  • A university degree or equivalent qualification from an institute of recognised standing, in an information and communications technology or cyber security related discipline;

  • 5 years of experience in a large organisation in a cyber security role;

  • A thorough understanding of cyber security in the international environment, of commercial and civilian standards, and of best practices;

  • Detailed knowledge of and working experience in security and network technologies, such as IPv6, firewalls, virtual private networks, intrusion detection and forensic appliances;

  • Experience of conducting security risk assessments;

  • Experience in the use and/or implementation of security tools and the interpretation of raw data related to security;

  • Experience in dealing with security incidents and in interpreting CIS security auditing tool results;

  • Experience in ICT projects and programmes management, including security aspects;

  • Excellent written skills, in particular the ability to present complex CIS security issues in simple terms in order to facilitate consensus and decision-making; and

  • The following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; II (“Elementary”) in the other.

DESIRABLE

The following would be considered an advantage:
  • Experience with systems security, security architectures, network security engineering, security governance and risk management;

  • Experience within international organisations and a good knowledge of their methods of work and practices with regards to their CIS security;

  • Experience in using security risk assessment tools (e.g. PILAR, EBIOS); and

  • Detailed knowledge of NATO responsibilities and organisations in the field of CIS security.

3. MAIN ACCOUNTABILITIES

Policy Development

Contribute to the development of policy documents, in particular to support the NATO CIO’s CISOA role for the NATO Enterprise. Plan and coordinate the development of security architectures for the NATO Enterprise CIS. In close coordination with the local CIS Operational Authorities and SAA, review and agree the Security Risk Management processes at NATO Enterprise level and determine if and how they will affect daily operations. Ensure that Enterprise-level Service Level Agreements (SLA), or similar mechanisms, established with the providers of ICT and CIS services (CISP) include the requirements for implementation, operation, monitoring and change management of security measures. Identify the Enterprise-wide requirements for Business Continuity and ensure they are translated into appropriate directives for the NATO Enterprise bodies.

Expertise Development

Conduct analysis and provide advice in the field of Enterprise-wide CIS Security. Advise the NATO CIO on NATO Enterprise residual security risk acceptance. Advise the NATO CIO on implementing cyber hygiene in, and improving the cyber posture of, the NATO Enterprise CIS. Conduct security risk assessments, as part of security risk management, jointly with CISP and SAA or other designated NATO authority, for the NATO Enterprise CIS. In close cooperation with local CISOAs, conduct the operational evaluation of the NATO Enterprise CIS and validate/authorize the CIS for operational use. Advise on the security interoperability and integration of new capabilities and services in the existing NATO Enterprise infrastructure. Provide staff support to NATO committees, in particular the Cyber Defence Committee, Security Committee and C3 Board.

Stakeholder Management

Reach out and coordinate as necessary with all relevant NATO Enterprise stakeholders, ensuring the collaborative development of policy material. Coordinate with the NATO Office of Security, the local CISOAs, the SAA and other security experts across the NATO Enterprise for the development of the security risk assessment for the NATO Enterprise capabilities and services. Ensure consistency in handling residual security risks across the NATO Enterprise. Support the NATO CIO to chair a board of Enterprise CIS Operational Authorities, enhancing coordination across the Enterprise. As required, engage with industry and academia in the post’s domain of expertise.

Representation of the Organization

Represent and speak on behalf of the CIO Office in committees, panels, working groups, industry and academia on matters pertaining to the post’s domain of expertise. Develop and communicate information supportive of CIO’s vision and act as the focal point on those matters.

Project Management

Produce the necessary plans for the delivery of staff products in support of CIO Office efforts. Determine the direction of the CIO projects, such as the establishment of enterprise-wide risk assessment and risk management mechanisms… and act as a project manager as required.

Information Management

Maintain the Enterprise Security Risk Register and a plan to manage the Enterprise residual risks. Maintain awareness, in conjunction with the SAA and the CISP, of breaches or suspected breaches of security, which may have a major impact on the NATO Enterprise CIS and participate in the investigation based on the severity, spread and nature of the incident. Perform any other related duty as assigned.

4. INTERRELATIONSHIPS

S/he reports to the NATO CIO and works in close cooperation with the NATO Office of Security, the local CISOAs, the Security Accreditation Authorities and other relevant security experts. S/he works with other directorates in DI and other branches of the NATO HQ C3 Staff as well as the International Military Staff (IMS). S/he is required to maintain close liaison with the NATO Enterprise bodies and National Representatives as appropriate.

Direct reports: N/A.
Indirect reports: N/A.

5. COMPETENCIES

S/he must demonstrate:
  • Analytical Thinking: Makes complex plans or analyses;

  • Clarity and Accuracy: Checks own work;

  • Conceptual Thinking: Applies learned concepts;

  • Customer Service Orientation: Takes personal responsibility for correcting problems;

  • Impact and Influence: Takes multiple actions to persuade;

  • Initiative: Is decisive in a time-sensitive situation;

  • Organizational Awareness: Understands organizational climate and culture; and

  • Teamwork: Solicits inputs and encourages others.

6. CONTRACT

Contract to be offered to the successful applicant (if non-seconded): Definite duration contract of three years; possibility of renewal for up to three years, during which the incumbent may apply for conversion to an indefinite duration contract.

Contract clause applicable: In accordance with the contract policy, this is a post in which turnover is desirable for political reasons in order to be able to accommodate the Organisation's need to carry out its tasks as mandated by the Nations in a changing environment, for example by maintaining the flexibility necessary to shape the Organisation's skills profile, and to ensure appropriate international diversity.

The maximum period of service foreseen in this post is 6 years. The successful applicant will be offered a 3-year definite duration contract, which may be renewed for a further period of up to 3 years. However, according to the procedure described in the contract policy, the incumbent may apply for conversion to an indefinite contract during the period of renewal and no later than one year before the end of contract.

If the successful applicant is seconded from the national Administration of one of NATO’s member States, a 3-year definite duration contract will be offered, which may be renewed for a further period of up to 3 years subject also to the agreement of the national authority concerned. The maximum period of service in the post as a seconded staff member is six years.

Serving staff will be offered a contract in accordance with the NATO Civilian Personnel Regulations.

7. RECRUITMENT PROCESS

Please note that we can only accept applications from nationals of NATO member countries. Applications must be submitted using the e-recruitment system, as applicable:
  • For NATO civilian staff members only: please apply via the internal recruitment portal (for more information, please contact your local Civilian HR Manager);

  • For all other applications:

Please note that at the time of the interviews, candidates will be asked to provide evidence of their education and professional experience as relevant for this vacancy. Appointment will be subject to receipt of a Security Clearance (provided by the national Authorities of the selected candidate) and approval of the candidate’s medical file by the NATO Medical Adviser. More information about the recruitment process and conditions of employment can be found at our website.

8. ADDITIONAL INFORMATION

NATO is committed to diversity and inclusion, and strives to provide equal access to employment, advancement and retention, independent of gender, age, nationality, ethnic origin, religion or belief, cultural background, sexual orientation, and disability. NATO welcomes applications of nationals from all member Nations, and strongly encourages women to apply.

Building Integrity is a key element of NATO’s core tasks. As an employer, NATO values commitment to the principles of integrity, transparency and accountability in accordance with international norms and practices established for the defence and related security sector. Selected candidates are expected to be role models of integrity, and to promote good governance through ongoing efforts in their work.

Due to the broad interest in NATO and the large number of potential candidates, telephone or e-mail enquiries cannot be dealt with.

Applicants who are not successful in this competition may be offered an appointment to another post of a similar nature, albeit at the same or a lower grade, provided they meet the necessary requirements.

The nature of this position may require the staff member at times to be called upon to travel for work and/or to work outside normal office hours. The organization offers several work-life policies including Teleworking and Flexible Working arrangements (Flexitime) subject to business requirements.

Please note that the International Staff at NATO Headquarters in Brussels, Belgium is a non-smoking environment.

*Salary value as per 2020. Subject to future adjustments in accordance with North Atlantic Council decision.