Security Accreditation Expert
Norfolk, Virginia, USA
Full Time | Senior-level / Expert | Clearance required | USD 63K - 147K * est.
Spektrum have a wide range of exciting opportunities in several global locations.
We are always looking to add great new talent to our team and look forward to hearing from you.
Who we are supporting
Allied Command Transformation (ACT) is NATO’s leading agent for change: driving, facilitating, and advocating the continuous improvement of Alliance capabilities to maintain and enhance the military relevance and effectiveness of the Alliance. The main objectives of ACT are: providing appropriate support to NATO missions and operations; leading NATO military transformation; improving relationships, interaction and practical cooperation with partners, nations and international organisations. ACT therefore leads Alliance concept development, capability development, training and lessons learned initiatives and provides unfettered military support to policy development within NATO.
The program
Capability Development & Management Support (CDMS)
DCOS Capability Development (CAPDEV) acts as the Supreme Allied Commander Transformation's Director for guidance, direction and co-ordination of the activities and resources of the Capability Development Directorate. CAPDEV is responsible to:
- Identify and prioritize Alliance capability shortfalls from short to long term, along a continuum of holistic capability development.
- Lead the determination of required capabilities and prioritization of shortfalls to inform the delivery of materiel and non-materiel solutions across the Doctrine, Organisation, Training, Materiel, Leadership, Personnel, Facilities and Interoperability (DOTMLPFI) lines of effort to enable a holistic approach to capability development, ensuring improved interoperability, deployability and sustainability of Alliance Forces.
Role Background
Headquarters Allied Command Transformation (HQ SACT), ACT Office of Security (AOS) is the lead for all aspects of security in ACT, including physical security, personnel security, CIS security, and security of information.
The Communication and Information System (CIS) Security Section within AOS provides support to the ACT Security Accreditation Authority. Due to an increase in the number of CIS required to undergo security accreditation, the CIS Section does not have the capacity to provide timely security accreditation support to all CIS in ACT.
Security accreditation is the process of assessing the security risk of a CIS at all stages of the CIS lifecycle, from project inception through to eventual withdrawal. The process considers:
- whether the CIS is compliant with NATO security policy; and
- whether the risk associated with its use to store, process or transmit information, in its operational environment, is acceptable.
The security accreditation process is based on a review and acceptance of key deliverables from the developer (project phase) and service provider (operations phase).
NATO has three Security Accreditation Authorities (SAA); ACT has 50-100 CIS requiring accreditation, of which about 60-70% are entirely within the remit of the ACT SAA.
Role Duties and Responsibilities
- Maintain records of the progress of a CIS through NATO security accreditation processes and the application of NATO security regulations.
- Review security accreditation documentation for CIS and make recommendations for approval. Security accreditation documentation includes the CIS Description, Risk Assessment Results, System-Specific Security Requirements Statement, Security Operating Procedures, Security Test & Validation Plan, Security Test & Validation Results, Incident Reports, etc.
- Ensure that verification activities are properly executed, to confirm that the agreed security measures have been implemented.
- Provide support and guidance to CIS developers and service providers. Note that some developers and service providers are based in Europe.
- Contribute to updates of the statement of the security risk for ACT CIS.
- Liaise with other roles in the Security Accreditation process.
- Represent the ACT SAA in NATO Enterprise meetings, either in person or via VTC.
Essential Qualifications:
- Certification in CIS security or cyber defence disciplines provided by a recognised certification scheme, such as Certified Information Systems Security Professional (CISSP), GIAC Security Expert or ISACA Certified Information Security Manager (CISM).
- At least 5 years of demonstrated experience in CIS security, CIS development or CIS service delivery.
- Within the 5 years’ experience above, at least 3 years of demonstrated experience working in or in direct support of a national, international or multi-national CIS security accreditation, certification or similar field.
- Demonstrated proficiency in English as defined in STANAG 6001 (Standardized Linguistic Profile (SLP) 3333 - Listening, Speaking, Reading and Writing) or equivalent.
- Proficiency in the use of the Microsoft Office Tool suite and collaborative software
Education
- 3 or 4 year university degree or equivalent national academic qualification in computer science, network security, cyber-security or related field
Working Location
- (Norfolk, VA, USA)
Working Policy
- Onsite
Contract Duration
- Mar 2025 – Dec 2027
Security Clearance
- Valid National or NATO personal security clearance
Language
- Professional English
- Demonstrated proficiency in English as defined in STANAG 6001 (Standardized Linguistic Profile (SLP) 3333 - Listening, Speaking, Reading and Writing) or equivalent.
We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISM CISSP Clearance Computer Science GIAC ISACA NATO Network security Risk assessment Security Clearance
Perks/benefits: Career development