SC2023-003335 Security Risk Consultant (NS) - MON 18 Mar

NOTE: This is a relaunch of RFQ SC2023/003099.

Deadline Date: Monday 18 March 2024

Requirement: Security Risk Consultant

Location: The Hague, NL

Full Time On-Site: Yes

Time On-Site: 100%

Total Scope of the request (hours): 418

Required Start Date: 22 April 2024

End Contract Date: 31 December 2024

Required Security Clearance: NATO SECRET

Duties and Role:

The contractor will effectively and efficiently provide, with minimal supervision, the following services, with a special focus on cybersecurity risk management:

• Support the accreditation of NATO CIS by assessing potential cybersecurity risks following a risk management methodology. This includes the identification and assessment of risks for specific NATO CIS in close coordination with NATO accreditation stakeholders (including technical and security authorities).
• Measurement: To the NATO CIO satisfaction with the degree of support on security accreditation of identified NATO CIS and service and the identification, quantification and qualification of possible deficiencies and associated residual risks.
• Support the development of Security Risk Assessment documentation (SRA) in support of NATO CIS accreditation activities, in coordination with the NATO Technical and Security Authorities (e.g. NCIA, SAAs, NSAB).
• Measurement: To the NATO CIO satisfaction with the degree of support in the development of security risks assessment documentation in line with the NATO provided directions and guidance.
• Support the development of mitigation and remediation plans following the identification and assessment of cybersecurity risks for NATO CIS, specifically assessing the residual risks after the application of cybersecurity risk mitigation measures.
• Measurement: To the NATO CIO satisfaction with the degree of support in the qualifying and quantifying possible residual risks linked to the security posture of identified CIS and services before and after the application of risks mitigation measures.

Some in-country teleworking may be authorised in coordination with the Line Management. This requirement is foreseen to be extended into 2024 for the full year.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• The candidate must have knowledge and multiyear experience in organization, management and support of various (international) operations, activities, units and projects related to defence, security, electronics and communications, in the NATO environments.
• The candidate must have previous experience within NATO and/or Industry CIS Security accreditation methodologies and tools;
• The candidate must have previous experience within NATO and/or Industry Enterprise Risks assessment and Management methodologies and tools;
• The candidate must have previous experience in the assessment of risks and the development of risk mitigation plans and contingency measures
• The job requires knowledge of the NATO and Industry risk management frameworks
• The job requires experience with Risks assessment and Risk Management as applied to CIS Security and Cyber Security Fields.
• The candidate must have experience in leading staff work on large and complex projects and to coordinate multiple stakeholders in different and separate locations.
• The candidate must have excellent English writing skills and the ability to brief their work in English.

Desirable experience:

• Demonstrate interest and passion for Cyber Security and Network Security.
• Structured cable deployment, installation and documentation