Cybersecurity Risk & Compliance Engineer

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role ID – 2025-0235

Role Background

NCIA requires the provision of CIS Security Accreditation Engineer services for all the activities as defined in the following sections. For the 2025 Base Services, activities will be conducted within and in support of an ongoing NHQ Accreditation project.

NCIA – Coherence Branch

Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost-effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.

The Coherence (COH) supports the Agency’s Demand Management (DM) organization, and is responsible for liaison with all customers in the CSU’s AoR and supports the Commander CSU in the role as NCIA representative and provides a single entry point for customers. Service Management Branch (SMB) contributes and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements

concerning Service Provision, Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.

NCIA – Service Design and CIS Security

Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance, risk assessment, risk management and security architecture services.

Role Duties and Responsibilities

CIS Security Services

• Collaborate with internal and external auditors to understand security audit results and identify critical vulnerabilities.
• Develop comprehensive remediation strategies, including timelines, resource allocation, and responsible parties.
• Prioritize remediation efforts based on risk assessments and business impact.
• Coordinate with IT, security, and business units to ensure alignment and efficient execution of remediation activities.
• Monitor the status of remediation efforts, providing regular updates to senior management and stakeholders.
• Ensure that remediation activities are completed within the established timelines and meet quality standards.
• Maintain detailed records of remediation activities and outcomes.
• Ensure that all remediation activities align with relevant security frameworks and regulatory requirements.
• Support the development and implementation of IT risk management strategies.
• Review and evaluate organization’s CIS security policies and procedures to ensure they align with organizational goals and compliance requirements.

Continuous Improvement:

• Identify areas for improvement in documentation and processes.
• Proactively identify potential vulnerabilities and coordinate preventive measures.
• Contribute to the knowledge base for SDCS team.
• Ensure information is accurate and up-to-date.

Collaboration with IT Teams:

• Work closely with other CSU Brussels IT teams and other NHQ/NCIA/Enterprise stakeholders to ensure CIS security compliance,
• Collaborate on projects and initiatives,
• Participate in CIS forums and discussions.

Essential Skills, Experience and Certifications

• Bachelor’s or Master’s Degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field.
• Minimum of 5 years of experience in information security, risk management, or IT audit roles.
• Experience and knowledge in cyber security frameworks.
• Experience and knowledge in cybersecurity audit reports analysis.
• In-depth understanding of cybersecurity technologies and tools.
• Strong ability to communicate complex security issues to both technical and non-technical audiences.
• Proficiency in managing and coordinating, demonstrating skills in team building and guidance.
• Preparing and delivering presentations to stakeholders in different forums.
• Ability to engage with technical teams, comprehend challenges, and provide informed guidance.
• Skilled in planning, executing, and overseeing technical CIS activities.
• Experience and knowledge in level of effort estimation to remediate the findings of an audit.
• Experience and knowledge in coordinating remediation and/or mitigation activities.
• Experience and knowledge on drafting remediation plans and maintaining them.
• Strong analytical skills to assess technical issues, identify root causes, and implement effective solutions.
• General experience on complex enterprise networks with multiple stakeholders and a diverse user community.
• General experience in all lifecycle aspects of Communication Information Systems (CIS) aimed at achieving effective system development and deployment.
• Sound technical knowledge on wide area networks and local area networks.
• Experience in developing technical policy level documents; in CIS and in services management.

Desirable Skills, Experience and Certifications

• Previous work experience in international organizations, such as NATO, or specialized Defence Industry,
• Knowledge of NATO CIS Security Policy, Directive and Guidance, Knowledge of NATO CIS Security Accreditation Process,
• ITIL Certification,
• Project Management certification.

Working Location

• Brussels, Belgium

Working Policy

• Hybrid (There is a possibility to work 1 day per week teleworking from Belgium.)

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.