Head, Cyber Threat Assessment Branch

1.         SUMMARY

The Joint Intelligence and Security Division (JISD), under the leadership of the Assistant Secretary General for Intelligence and Security (ASG I&S), comprises two principal pillars: Intelligence – headed by the Deputy ASG for Intelligence; and the NATO Office of Security (NOS) – headed by the Deputy ASG for Security.

Intelligence is responsible for ensuring the situational awareness of the North Atlantic Council and the Military Committee, for the analysis of the indications and warnings in support of the NATO Crisis Response System and for the development of intelligence policies and capabilities for NATO. Its functional areas address: intelligence analysis and production, intelligence policy and capability development.

The joint civilian and military Intelligence Production Unit (IPU) delivers strategic intelligence-based analysis to support North Atlantic Council (NAC) and Military Committee (MC) decision making on strategic issues of concern. The IPU produces a range of planned and tasked intelligence products on regional issues in Eurasia, Africa and the Middle East, and on transnational issues such as hybrid operations, terrorism, instability, weapons of mass destruction and energy security.

The Cyber Threat Analysis Branch (CTAB) is responsible for providing evidence- and intelligence-based assessments of the cyber threat landscape to empower NATO stakeholders to make risk-informed decisions. CTAB delivers strategic assessments on the cyber threats to NATO, but also provides situational awareness for NATO stakeholders. The multidisciplinary team combines all-source data with cutting edge technologies to support and enhance the Alliance leadership’s understanding on the nature of cyber competition and conflict. CTAB systematically identifies strategic patterns and trends in cyber space and generates tailored insights to support network defence and mission assurance with predictive analysis, cyber threat intelligence, and threat hunting.

The incumbent will oversee the work of the Cyber Threat Assessment Branch and guide the development of cyber assessments of interest to the Alliance. They will lead staff efforts to produce quality cyber threat analyses to meet the growing Allied demand, to better understand the cyber threat landscape and what it means for NATO.

They will be primarily responsible for:

• Providing threat related assessments;  
• Applying innovative thinking, performance analysis and modern computer engineering principles to solve complex technological problems;
• Supporting the development of improved data analytics capabilities for CTAB and the IPU;
• Collaborating with relevant stakeholders within NATO, Allies, Partners, and Industry;
• Advise IPU leadership on budgetary needs for CTAB;
• Chairing intelligence-driven working groups, including the annual NATO Cyber Threat Intelligence Conference;
• Maintaining a proficiency in current and emerging cyber threats and attacks, as well as security vulnerabilities.

2.         QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

The incumbent must:

• possess a university degree, preferably in the field of cyber defence, information technology, political science, international security or other related studies;
• have at least 8 years related experience, out of which at least 5 years in the area of cyber defence operations or analysis and 2 years managerial experience in leading and mentoring a diverse team;
• have in-depth knowledge and experience related to the technical developments in the cyber threat landscape;
• have recent experience in activities that derive intelligence on cyber threats (capabilities and intent of cyber threat actors) and cyber vulnerabilities to assist in developing cyber situational awareness;
• be familiar with strategic issues and challenges facing the Alliance and NATO’s geopolitical environment;
• have held cyber defence responsibilities in a government of a NATO Nation or in an International Organisation such as EU, UN, OSCE or NATO;
• have extensive experience working for a national intelligence or security service;
• have excellent communication skills (both written and oral), and experience in preparing alerts and reports;
• possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

DESIRABLE

The following would be considered an advantage:

• experience with the nexus between technology and policy;
• experience in the field of data analytics, data science, or machine learning;
• experience synthesising qualitative and quantitative information from a large variety of sources, create original insight, and communicate in written, verbal and graphical forms. 

3.         MAIN ACCOUNTABILITIES 

People Management

Oversee the work of the Cyber Threat Analysis Branch and provide guidance and direction. Provide tasking and oversight for CTAB projects and ensure they are delivered within required deadlines. Promote transparency in decision-making, equal access to opportunities for all staff and an inclusive management culture. Ensure that all staff under their responsibility are clear on Organizational, Divisional and Directorate objectives. Collaborate with Executive Management on personnel matters. Provide regular and fair feedback on performance, informally as appropriate and via the Performance Review and Development (PRD) system. Participate in a collegial review of performance to discuss possible development and mobility opportunities for individuals, identify high potentials and help ensure common standards are applied in the process. Participate in recruitment procedures for vacant posts in the Division, in accordance with NATO guidelines and with the best interests of the Organization in mind.

Planning and Execution

Oversee production of all CTAB intelligence products based on monitoring and analysing cyber related information from all available sources and provide timely and relevant operational and strategic intelligence assessments. Coordinate production and cooperate with other NATO Intelligence Enterprise bodies. Determine input into short- and medium-term work plans and manage implementation of projects to achieve branch objectives. Propose to the Chain of Command production projects as necessary in response to changing developments and current events. Plan and develop processes and capabilities to systematically identify strategic patterns and trends in cyber space and generate tailored insights to support network defence and mission assurance with predictive analysis and cyber threat intelligence. Find opportunities to automate and innovate NATO’s cyber threat intelligence capability. 

Stakeholder Management

Establish and maintain close working relations with contacts to security and intelligence services of Allied nations. Carry out appropriate liaison with other Allied entities, IS and IMS Divisions, and members of other NATO authorities. Establish and maintain relationships with industry partners and International Organisations (including the EU) to support the CTAB mission. Provide support to the North Atlantic Council (NAC), the Military Committee and other relevant customers by providing sound cyber threat analysis in briefings, assessments and other appropriate analytical products.

Serve as a key interlocutor for the NATO cyber community. Represent IPU/JISD at meetings, conferences, and seminars as required. Represent the IPU at a senior level with both internal and external stakeholders when directed by the Director IPU or JISD leadership.

Organisational Efficiencies

Review and prepare presentations, speaking notes, background briefs, and other forms of intelligence production; report on challenges or questions with which the IPU is concerned. Facilitate information-sharing, with proper information handling procedures, with a view to transferring knowledge across CTAB, the IPU, and with key cyber interlocutors.  Contribute to NATO representation by developing and communicating information supportive of NATO’s interests. 

Project Management

Support the development and presentation of technical and operational cyber defence requirements for NATO-wide capabilities and projects that have a direct impact on CTAB or the IPU. Manage projects and/or programmes as directed by the IPU Director. Assist in the management of cyber intelligence capability initiatives and any resulting actions.

Act as Chairperson of cyber threat intelligence workshops and conferences as required and appropriate. Brief and lecture groups, represent the Alliance at conferences, workshops or seminars as directed. Conduct and lead bilateral meetings on cyber threats with national intelligence counterparts.

Financial Management

Determine and verify the correct use of assigned financial resources, and advise the JISD Chain of Command on appropriate annual funding. Take responsibility of the budget related to CTAB’s capability development.

Perform any other related duty as assigned.

4.         INTERRELATIONSHIPS

The incumbent reports to the Director, IPU. They will work in close coordination with other Sections within the Division, as well as with other Divisions in the International Staff, with the NATO Military Authorities, with national Delegations as well as Alliance capitals, and other NATO Agencies. They will also maintain good working relations in their field of competence with industry, partner countries and relevant International Organisations on cyber defence related matters.

Direct reports: 7

Indirect reports: N/a.

5.         COMPETENCIES

The incumbent must demonstrate:

• Achievement: Creates own measures of excellence and improves performance;
• Change Leadership: Personally leads change;
• Clarity and accuracy: Monitors data or projects;
• Conceptual thinking: Applies learned concepts;
• Flexibility: Adapts own strategy;
• Impact and Influence: Takes multiple actions to persuade;
• Initiative: Plans and acts up to a year ahead;
• Leadership: Promotes team effectiveness;
• Organisational Awareness: Understands organisational Climate and culture;
• Self-Control: Responds calmly.