Security Accreditation Manager

Spektrum


Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO’s member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

  • Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO’s communication networks and information systems against cyber threats.
  • Command and Control Systems: The NCIA develops and maintains the systems used by NATO’s military commanders to plan and execute operations.
  • Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
  • Electronic Warfare: The NCIA provides electronic warfare services to support NATO’s mission to detect, deny, and defeat threats to its communication networks.
  • Information Management: The NCIA manages NATO’s information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO’s communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services in the modern, evolving, dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – 2025-0221

Role Background

REACH refers to the mobile workspace services, including the NR client devices, underlying infrastructure, LAN and service desk services. To support the NATO Cyber Security Centre (NCSC) in the execution of tasks identified in the Statement of Work (SoW), the NCIA is looking for subject matter expertise in the delivery of complex, foundational and novel accreditation support capability. This is a deliverable-based (completion-type) contract to provide consistent support to NCSC, contributing to the deliverables described in the scope of work below.

Role Duties and Responsibilities

General

  • Support Communication Information Systems (CIS) Security assurance of all REACH services,
  • Contribute to the enforcement of NATO Policy, Agency Directives and Standard Operating Procedures (SOPs),
  • Liaise with all stakeholders to provide operational CIS security support to all REACH services,
  • Provide subject matter expert knowledge to assist REACH accreditation process,
  • Support information security processes for REACH CIS within the Agency, both for internal operations and for Agency’s customer-funded networks,
  • Contribute to the resolution of security requirement conflicts and collaborate with Project Managers (PM), Service Delivery Managers (SDM) and engineers to appropriately convert customer requirements into secure services,
  • Coordinate with systems administrators in support of security architecture requirements,
  • Identify cyber security-related Key Performance Indicators (KPI) and generate reports to ensure full visibility of all REACH CIS,
  • In coordination with NCSC Accreditation Support Office, support all phases of security accreditation processes required to maintain operation status.

Information Security

  • Communicate security risks and issues to business managers and others.
  • Perform basic risk assessments for large scale enterprise information systems.
  • Contribute to the identification of risks that arise from potential technical solution architectures.
  • Suggest alternate solutions or countermeasures to mitigate risks.
  • Support investigation of suspected attacks and security breaches.

Information Assurance

  • Follow standard approaches for the technical assessment of information systems against information assurance policies and business objectives.
  • Recognize decisions that are beyond their scope and responsibility level and escalate accordingly.
  • Review and perform risk assessments and risk treatment plans.
  • Identify typical risk indicators and explain prevention measures.

Vulnerability Management

  • Execute Vulnerability Management duties, based on the Security findings reported from the assessment campaigns. This includes:
  • Validating the severity of discovered vulnerabilities;
  • Contextualizing the vulnerabilities in the light of NATO policies and best practices;
  • Determining possible remediation and mitigation measures;
  • Defining / Assigning priorities;
  • Contacting and liaising with relevant system owners and proposing a remediation plan;
  • Track and trace all remediation actions and report to the relevant stakeholders;
  • Collect and consolidate the vulnerabilities discovered with the assessment services.
  • Support NCIA CIS Support Units and other NATO entities and customers in the process of vulnerability remediation.
  • Compile draft, review, develop, and provide input on all relevant aspects relating to vulnerability management and mitigation process in NATO CIS.
  • Brief at both executive and technical levels on Vulnerability Management reports and mitigations status, including at flag officer level.

Specialist Advice

  • Provide security consultancy and advice to projects, plans and teams.

Essential Skills, Experience and Certifications

  • Several years of experience (at least two years) with system security, security architecture, network security engineering, and security governance including policy alignment, risk management, performance management and value delivery,
  • Minimum 5 years proven experience in CIS Security,
  • Minimum 5 years proven experience in modern CIS secure deployment and configuration troubleshooting,
  • Minimum 2 years of extensive experience in the contextual interpretation of Vulnerability Assessments results,
  • Comprehensive understanding of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications acquired through a blend of academic or professional training coupled with practical professional experience,
  • Proven minimum 5 years professional experience and knowledge in at least three of the following:
      • Implementation and integration of Information Assurance protective measures,
      • Security mechanisms and administration of LAN and WAN in the large enterprise environment,
      • Private and public cloud security,
      • Enterprise system administration experience of Windows Active Directory concepts and architecture,
      • Enterprise system administration experience of VMWare vSphere environment and architecture, with emphasis on security concepts design and implementation.

Desirable Skills and Experience

  • AWS Certified Cloud Practitioner, Certificate of Cloud Security Knowledge, or other cloud/cloud security certifications,
  • ISACA CISM, and/or ISC2 CISSP, CCSP Certification,
  • Good knowledge of containerized micro services and applications, Kubernetes, Docker, etc.,
  • Good knowledge of main public cloud ecosystems,
  • Good knowledge and exposure to cloud standards, architecture, and models,
  • Knowledge of industry standard DevSecOps tools and frameworks,
  • Knowledge of cloud networking architecture, cloud operations, security, automation, and orchestration,
  • Excellent knowledge of, and experience using, common security tools such as Tenable Nessus, Nmap, Tanium endpoint management, Microsoft Defender, Trellix ePO etc.,
  • Knowledge of common MS and Linux updating and patching systems,
  • Knowledge of common IT security frameworks and governance models,
  • Knowledge of CVSS V2 and V3,
  • Knowledge of NATO responsibilities and organization to include NATO Security Policy and supporting directives,
  • Understanding of Cyber issues within NATO or NATO member nation environment,
  • Prior experience of working in an international environment comprising both military and civilian elements,
  • Knowledge of NATO responsibilities and organization, including ACO and ACT,
  • Knowledge about risk management related to Artificial Intelligence tools and developments and its impact on cyber security.

Automation Skills

  • Proficiency in automation to create workflows and automate repetitive processes, with a minimum of 2 years' experience,
  • Ability to identify and implement automation opportunities to enhance efficiency.

Communication and Interpersonal Skills

  • Excellent verbal and written communication skills,
  • Full proficiency in English,
  • Ability to communicate technical information to non-technical users in a clear and concise manner,
  • Ability to communicate effectively orally, using tact and diplomacy, and in writing with effective briefing skills.

Customer Service Orientation

  • Strong customer service focus with a commitment to user satisfaction,
  • Patience and empathy when dealing with user issues and concerns.

Organizational Skills

  • Ability to manage and to prioritize tasks effectively,
  • Attention to detail in documenting support activities and maintaining accurate records.

Team Collaboration

  • Ability to work effectively as part of a team and share knowledge and resources,
  • Willingness to collaborate with colleagues to solve complex issues.

Others

  • The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure,
  • The candidate must have the nationality of one of the NATO nations,
  • Experience in working with NATO,
  • Experience of working with NATO Communications and Information Agency,
  • Experience of working with national Defence or Government entities.

Education

  • A minimum requirement of a bachelor’s degree at a nationally recognized/certified University in a related discipline and 2 years post-related experience.
  • Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCIA, that is, at least 6 years extensive and progressive expertise in duties related to the function of the post.

Working Location

  • Mons, Belgium

Working Policy

  • On-site

Travel

  • Some travel to other NATO sites may be required

Security Clearance

  • Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn’t for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up. 
