OCIO-0048 Enterprise Cybersecurity Incident Coordinator (NS) – MON 2 Dec

Job title:

OCIO-0048 Enterprise Cybersecurity Incident Coordinator (NS) – MON 2 Dec

Company:

EMW

Job description

Deadline Date: Monday 02 December 2024Requirement Title: Enterprise Cybersecurity Incident CoordinatorLocation: Brussels, BelgiumFull time on-site: YesTotal Scope of the request (hours): 1824Required Start Date: 02 January 2025End Contract Date: 31 December 2025Required Security Clearance: NATO Secret1. INTRODUCTIONThe NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise, is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.The Office of the NATO CIO (OCIO) is an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.The OCIO supports the planning, coordination and execution of Defensive Cyberspace Operations (DCO) in NATO networks, as one of the leading members of the DCO Planning and Coordination Cell (DPCC).The Contractor will work on the coordination of the responses to cybersecurity incidents involving Enterprise CIS and services, performed by the Office of the Chief Information Officer (OCIO). The Contractor will execute follow-on activities through engagement with several NATO stakeholders, such as the NATO technical authorities, risk management authorities, and other relevant NATO entities across the Enterprise, including NATO risk managers, CIS Providers (CISPs), the NATO Cyber Threat Assessment Branch (CTAB) and the NATO Cyberspace Operations Centre (CyOC). The Contractor will also be responsible for further development, maintenance and update of the Enterprise Cyber Incident Management framework and supporting processes.2. TASKSThe contractor must be able to perform effectively and efficiently with minimal supervision the following tasks:

• Ensure readiness and response

• Support the Enterprise Cyber Incident Manager (ECIM) in triage, coordination and response efforts;
• Identify, develop and coordinate mitigation and remediation actions, in order to ensure a coherent response, Enterprise-wide, to identified cyber events and incidents of interest;
• Liaise with a wide range of NATO Enterprise stakeholders to ensure accurate information sharing and mitigation actions are communicated in a timely manner.
• Reporting

• Prepare and conduct (as required) Cyber Incident Task Force (CITF) meetings; track progress on lines of effort and escalate issues to ECIM when required;
• Administrative support to the planning, conduct and reporting of CITFs and Incident Coordination and Decision-Making Groups (ICDMGs);
• Prepare internal communication products on NATO Enterprise cyber incidents, including records of meetings and cyber incident reports for senior leadership.
• Evolve Enterprise Cyber Incident Management

• Support ECIM in the development and implementation of the Enterprise cyber incident management Directive and Framework;
• Support the annual update of the Cyber Incident Response Plan (CIRP) and develop its supporting annexes and handbooks;
• Support the preparation, conduct and evaluation of the annual OCIO-led Exercise Enterprise Pathfinder (ENPAF), a key exercise for the Enterprise to ensure readiness to handle cyber security incidents;
• Support that the lessons identified of previous ENPAF iterations and CITFs become learned in the Enterprise cyber incident management process;
• Support ECIM in the preparation and participation in other cyber-related exercises.

3. LOCATION OF DUTYThe work will be executed primarily on site at the NATO HQ offices in Brussels, Belgium. Frequent travels or short deployments to NATO Command Structure bodies would be required. Due to the nature of the work, minimal teleworking can be foreseen.4. TIMELINESThe services of the contractor are required for the period starting 2nd January 2025 until 31st December 2025. A contract extension is possible for the calendar years 2026 and 2027. These contract extensions are subject to performance of the contractor and related NATO regulations and budget availability.5. SPECIFIC WORKING CONDITIONSSecure environment with standard working hours. Occasional non-standard hours may be required in support of the NATO Chief Information Officer urgent tasks.6. TRAVELOccasional business travel may be required. Travel expenses to be reimbursed by NATO based on the NATO per diem rate, in addition to the hourly rate.Requirements

• NATO Scret security clearance
• A degree from a university or establishment of similar standing;
• At least 3 years of experience in cybersecurity incident management and response, preferably in a large organization;
• Experience in cyber incident management exercise planning processes and scenarios;
• Experience in the development of processes and cybersecurity incident response plans, preferably in a large organization;
• Experience in the provision of cybersecurity advice and guidance following incidents happening in and through cyberspace;
• Knowledge and experience coordinating with multiple stakeholders during the response activities to cybersecurity related incidents in large, geographically sparse organizations;
• An excellent knowledge and experience with cybersecurity incident response best practices;
• A good knowledge of the principles, policy and procedures governing cybersecurity, preferably in military and/or defence organizations;
• The ability to draft clear and concise reports, produce and maintain cybersecurity incident reports, security and risks logs and systems in support of cybersecurity incident response activities;

Desirable:

• Cyber security certifications such as CISSP, CISM or equivalent post-graduate degree in cybersecurity;
• Experience within NATO in leading cyber incident response activities;
• Experience in incident management tools;
• Knowledge of the NATO organization, its security policy and supporting directives.

Expected salary

Location

Bruxelles

Job date

Wed, 20 Nov 2024 23:09:22 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesineu.com) you saw this job posting.