2024-0199 Provision of CIS Security Officer Support (NS) - TUE 22 Oct
Brussels, Brussels, Belgium
Deadline Date: Tuesday 22 October 2024
Requirement: Provision of CIS Security Officer Support
Location: Brussels, BE
Full Time On-Site: Yes
Time On-Site: 100%
Not to Exceed: 2024 BASE: NTE 13,400 EUR (4 sprints, NTE/ sprint 3,350 EUR)
Number of sprints is calculated considering a starting date 25 NOV 2024. This will be adjusted based on actual starting date.
2025 – 2026 and 2027 Options: Up to a maximum of 48 sprints (price per sprint will be determined by applying the price adjustment formula as outlined in CO‐115786‐AAS+ Special Provisions article 6.5.)
Period of Performance: 2024 BASE: As soon as possible not later than 25th November 2024 (tentative) – 31st December 2024 with possibility to exercise the following options:
2025 Option: 1st January 2025 until 31st December 2025
2026 Option: 1st January 2026 until 31st December 2026
2027 Option: 1st January 2027 until 31st December 2027
Required Security Clearance: NATO SECRET
1 INTRODUCTION
This is a position within the NATO Communications and Information Agency (NCIA), an organization of the North Atlantic Treaty Organization (NATO).
NCI Agency – Coherence Branch
Within the Agency CIS Support Unit (CSU) Brussels provides consistent, reliable and cost‐effective ICT service delivery to all NATO customers located in the NATO compound in Brussels, including understanding and managing the interface with the Secretary General and Deputy Director General International Military Staff (DG IMS), through his/her delegated representatives ICTM/EXCO IMS, who act in the role of Intelligent Customer.
The Coherence (COH) supports the Agency’s Demand Management (DM) organization, and is responsible for liaison with all customers in the CSU’s AoR and supports the Commander CSU in the role as NCI Agency representative and provides a single entry point for customers. SMB contributes and/or conducts monitoring and measurement of customer satisfaction. SMB supports the management of all agreements concerning Service Provision, Operations and Exercises within the CSU AoR. SMB supports Service Lines in the implementation and improvement of service management processes.
NCI Agency – Service Design and CIS Security
Service Design and CIS Security (SDCS) team consists of subject matter experts mainly providing security compliance, risk assessment, risk management and security architecture services.
Under the direction of the Head, Service Design and CIS Security (SDCS) team, in CSU Brussels, the CIS Security Officer serves as the CSU Brussels senior CIS Security expert. The incumbent will support the identification, prioritization, and response to risk components, security audits, and compliance issues for CSU Brussels. He/she may represent CSU Brussels, as well as the interests of NATO HQ business customers (ICTM, NDS, and IMS) in discussion and definition of applicable NATO and Organization‐wide policies, procedures and guidance relating to information security and risk management and may develop and standardize applicable internal processes and procedures compliant with such documents. In addition, he/she will support security accreditation activities on NATO HQ LANs supported by CSU Brussels.
2 OBJECTIVES
The main objectives of this statement of work can be summarized as follows:
- Organize, coordinate and perform security compliance initiatives (e.g. Vulnerability Assessment, penetration testing, third party reviews);
- Support accreditation activities;
- Supports technical discussions from CIS security perspective related to new capabilities, reviews and assessments;
- Represent the team in meetings and provide briefings to a higher‐level audience.
3 SCOPE OF WORK
Under the direction / guidance of the CIS Security Manager, the CIS Security Officer will be supporting the following activities:
1) CIS security services
a) Apply NATO Policies and Guidelines for all aspects of CIS security and keep knowledge thereof up‐to‐date;
b) Develop, implement and execute Security Test and Verification activities (ST&V);
c) Support the development, traceability and versioning of security related documentation (CSRS, SSRS, SISRS, SecOPs, SRA, etc.);
d) Support the monitoring of the correct implementation of security measures within the Area of Responsibility;
e) Support control and compliance initiatives (e.g. Vulnerability Assessment, self‐assessment, third party reviews);
f) Support technical discussions from CIS security perspective related to new capabilities, reviews and assessments
g) Assist his/her superiors and recommends solutions;
h) Works on own initiative with limited supervision, and possibly leads others as required;
i) Deputizes for higher grade staff, if required;
j) Performs other duties as may be required.
2) Continuous Improvement:
a) Identify areas for improvement in documentation and processes.
b) Proactively identify potential vulnerabilities and coordinate preventive measures.
c) Contribute to the knowledge base for SDCS team.
d) Ensure information is accurate and up‐to‐date.
3) Collaboration with IT Teams:
a) Work closely with other CSU Brussels IT teams to ensure cohesive security strategies.
b) Collaborate on projects and initiatives.
c) Participate in IT forums and discussions.
The contractor will provide the service on‐site with a possibility of 1 day teleworking per week from Belgium. The contractor will provide services during NATO HQ working hours.
The measurement of execution for this service is sprints, with each sprint planned for a duration of 1 week.
4 DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from the service on this statement of work:
2024 BASE: 25 November 2024 to 31 December 2024:
Deliverable: Sprints of Provision of CIS Security Officer Support
Cost Ceiling: 4 X 3,350 EUR = 13,400 EUR
Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor
Number of sprints is calculated considering a starting date 25 NOV 2024. This will be adjusted based on actual starting date.
Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2024, at a later time, within the same scope and cost.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority
2025 OPTION: 01 January 2025 to 31 December 2025:
Deliverable: 48 sprints of Provision of CIS Security Officer Support
Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.
Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor
Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2025, at a later time, within the same scope and cost.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority
2026 OPTION: 01 January 2026 to 31 December 2026:
Deliverable: 48 sprints of Provision of CIS Security Officer Support
Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.
Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor
Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2025, at a later time, within the same scope and cost.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority
2027 OPTION: 01 January 2027 to 31 December 2027:
Deliverable: 48 sprints of Provision of CIS Security Officer Support
Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.
Payment Milestones: Upon completion of each fourth sprint and at the end of the service. Completion of each milestone shall be accompanied documented in Delivery Acceptance Sheet (DAS) – (Annex B), signed for acceptance by the Purchaser’s authorized point of contact and the Contractor
Subject on actual requirements, contractor performance and available funding, the Purchaser reserves the right to exercise optional sprints for 2025, at a later time, within the same scope and cost.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a DAS, signed by the Contractor and Purchaser’s authority
5 COORDINATION AND REPORTING
The contractor shall participate in weekly status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to the Team Leaders instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her service during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report shall be a short email to the NCIA Point of Contact mentioning briefly the service held and the development achievements during the sprint.
6 SCHEDULE
This task order will be active immediately after signing of the contract by both parties
It is expected the service starts as soon as possible but no later than 25th November 2024 and ending no later than 31st December 2024.
If the 2025 option is exercised, the period of performance is 01st January 2025 to 31st December 2025
If the 2026 option is exercised, the period of performance is 01st January 2026 to 31st December 2026
If the 2027 option is exercised, the period of performance is 01st January 2027 to 31st December 2027
7 CONSTRAINTS
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact
8 SECURITY
The duties of the consultant require a valid NATO SECRET security clearance.
9 PRACTICAL ARRANGEMENTS
The contractor will be required to provide the service primarily on‐site at NATO Headquarters – Brussels ‐ Belgium as part of this engagement. There is a possibility to work 1 day per week teleworking from Belgium.
This service must be accomplished by ONE contractor. In the event the consultant leaves during the contract period, he or she shall be replaced by a new consultant who has the required qualifications and is acceptable.
This individual hired for this position will be part of the NCIA Service Desk and CIS Security (SDCS) team.
10 QUALIFICATIONS
[See Requirements]
Requirements
8 SECURITY
- The duties of the consultant require a valid NATO SECRET security clearance.
10 QUALIFICATIONS
The consultancy support for this service requires a CIS Security Officer with the following qualifications:
1) Essential qualifications
- Experience in monitoring the provision of CIS Security services on a variety of platforms including firewalls, servers, routers, and endpoints;
- Experience in coordinating complex discussion concerning IT requirement review for implementation;
- Experience with Security Test and Planning including execution and reporting;
- Knowledge of a broad range of CIS Security disciplines;
- Knowledge and experience with industry standard collaboration tools;
- Knowledge and experience with change management process and industry standard change management tools.
2) Desirable qualifications:
- Experience working within classified network environments;
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure.
- Knowledge of a NATO CIS Security Policy, Directive and Guidance;
- Full proficiency in the English language.
- Certified ITIL Foundation or higher;
- PRINCE2;
- CISSP.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits C CISSP Clearance Compliance Firewalls ITIL Monitoring NATO Pentesting Risk assessment Risk management SecOps Security Clearance Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.