Officer, Incident Management (2 posts)

Through this competition, NATO IS is aiming to Recruit for 2 positions: 

• Officer, Incident Management (G17)(OCIOxxxx) - Pending budget approval
• Officer, Incident Management (G17)(OCIO0013)

1.     SUMMARY 

The NATO Chief Information Officer (CIO) function brings Information and Communications Technology (ICT) coherence across NATO Enterprise’s civil and military bodies. The NATO CIO is empowered to realize the Allies’ vision for the NATO Enterprise is accountable to the Secretary General and is responsible for the development of Enterprise directives and advice on the acquisition and use of information technologies and services. The NATO CIO provides Enterprise oversight on cybersecurity issues, and, in close coordination with all relevant NATO civil and military bodies, works towards the continual improvement of the cyber hygiene and cybersecurity posture in the NATO Enterprise.

The Office of the NATO CIO (OCIO) is an integrated staff organization comprised of International Staff (IS) and International Military Staff (IMS) members.

The Enterprise Security Branch (ESec) maintains Enterprise oversight on cybersecurity and enables awareness on specific risks, processes and incidents. It supports the NATO CIO in managing cybersecurity risks and incidents at Enterprise level, advises and supports the decision-making process for identifying the Enterprise risk appetite and risk acceptance for CIS Security. The Branch executes functions deriving from the NATO CIO Enterprise risk owner and top-level incident manager roles for cybersecurity, coordinating incident response, business impact analysis, risk mitigation, mid- to long- term mitigation measures and lessons-identified definition. The Branch also maintains relations with key Enterprise military and civilian stakeholders at strategic, operational, tactical and technical levels.

The Security Processes Section (SPS) is responsible for ensuring correct support and representation in its role of Enterprise incident manager in front of multiple NATO relevant cyberspace stakeholders. The section is also responsible to provide liaison to network security, threats analysis and advanced technical operations in support of the defence of NATO-as-Enterprise Networks, services and capabilities.

The incumbent works within the Security Processes section and supports the coordination of the NATO Enterprise cyber incident management and response activities involving NATO enterprise CIS and services, in accordance with NATO’s Cyber Incident Response Plan (CIRP). The incumbent supports the update and maintenance of the Enterprise Incident Management framework and related processes.

2.    QUALIFICATIONS AND EXPERIENCE

ESSENTIAL

The incumbent must:

• hold a university degree, or an equivalent level of qualification, preferably in a cyber security related discipline;
• have at least 3 years of experience in cybersecurity, ideally in incident management and preferably in large civilian and/or international organization(s);
• demonstrate experience in the generation, provision and long-term assessment of cybersecurity recommendations and guidance originating from incidents happening in and through cyberspace;
• have knowledge and experience in coordinating multiple stakeholders’ responses to cyber incidents in large, decentralized and multi-cultural organizations;
• have a good knowledge and experience in the cybersecurity domain and specifically in incident response processes;
• have working knowledge of network and infrastructure security principles, along with best practices for implementing protective measures, monitoring and logging;
• have experience in leading staff work on large and complex projects and to coordinate multiple stakeholders in different and separate locations;
• have a good knowledge of the principles, policy and procedures governing cyber defence;
• have the ability to draft clear and concise reports, produce and maintain security and risks logs and databases in support of security activities;
• be flexible and willing to work outside of normal office hours, during incident management activities, and travel when required; 
• possess the following minimum levels of NATO’s official languages (English/French): V (“Advanced”) in one; I (“Beginner”) in the other.

DESIRABLE

The following are considered an advantage:

• cybersecurity certifications such as CISSP, CCSP, CISM or equivalent post-graduate degree in cybersecurity; 
• experience with NATO’s cybersecurity environment, specifically in the CIS security field and related functions;
• understanding of the NATO organisation, its security policy and supporting directives.

3.    MAIN ACCOUNTABILITIES

Policy Development

Contribute to the development of policy, directive and guidance documents in the OCIO areas of responsibility as per the incumbent’s area of expertise. Provide advice to the Section Head on NATO enterprise incident management processes and procedures. Provide incident management advice and guidance to NATO Nations, NATO civil and military bodies and partner nations and international organizations. Develop high-level strategic documents and advice to improve enterprise incident management processes and procedures.

Expertise Development

Maintain and update an Enterprise-wide incident management framework to support the role of CIO as single point of authority for the Enterprise CIS. Based on the latest Security assessments and developments in cybersecurity threats, propose changes and improvements to the Framework, gathering ideas and lessons learned from other NATO experts across the Enterprise. Identify, develop and test new capabilities in support of Enterprise cyber incident management. Keep abreast with the latest technology developments in the incumbent’s area of responsibilities and provide appropriate advice. Propose updates and improvements based on lessons identified from real life experience and from exercises.

Project Management

Support the definition of the section projects plan according to the OCIO role(s) in project management processes used in the NATO Enterprise. Identify main decision-makers and other stakeholders relevant for the project success, participate and contribute to project management boards as required. Maintain full understanding of project and program plans, identify and monitor project implementation risks, provide expertise and leadership in the resolution of exceptions and issues. Establish and maintain a network of relations with key project leaders in the NATO Enterprise, with a specific focus on ICT and Cybersecurity projects.

Planning and Execution

Coordinate and assess incident response activities involving Enterprise CIS and their effectiveness under pressure. Coordinate and develop mitigation and remediation actions in coordination with other members of the Risk Management Section in order to assure a coherent response Enterprise-wide to perceived threats and identified incidents.

Stakeholder Management

Establish and maintain a network of relations with key experts in the NATO Enterprise, with a specific focus on Enterprise-wide incident management. Develop close cooperation and working relationships with the NATO Operational community on the lifecycle of Enterprise security processes and practices, with a focus on incident management. Represent the Section at NATO and in various international settings, including in dialogues with government, civilian and military national representatives and giving presentations at conferences and seminars. 

Knowledge Management

Draft background briefs, progress reports, prepare presentations, and other items for high-level meetings. Contribute to the information sharing with relevant NATO bodies and stakeholders (e.g. NATO Cyber Risk management Group (CRMG), the NATO Board of CISOA (BCISOA)) that contribute and support cyber incident management activities. On the basis of briefings, discussions and investigations, provide advice on evolving security programmes in NATO nations, NATO civilian and military bodies, and non-NATO entities.

Financial Management

Manage a predetermined budget for assigned projects.

4.    INTERRELATIONSHIPS

The incumbent reports to the Head, Security Processes Section. The incumbent works in close cooperation with the OCIO members of staff, NATO Communications and Information Agency (NCIA), the Joint Intelligence and Security Division (JISD) the Cyberspace Operations Centre (CyOC), the NATO Cyber Risk Management Group (CRMG) and the NATO Board of CIS Operational Authorities (BCISOA) as well with experts of the various NATO Entities.

Direct reports: N/A

Indirect reports: N/A

5.    COMPETENCIES

The incumbent must demonstrate:

• Analytical Thinking: Sees multiple relationships;
• Flexibility: Adapts to unforeseen situations;
• Impact and Influence: Takes multiple actions to persuade;
• Initiative: Is decisive in a time-sensitive situation;
• Organizational Awareness: Understands organisational climate and culture;
• Teamwork: Cooperates.