Enterprise Cyber Risk Specialist

About the role

Spektrum · Onsite

Spektrum have a wide range of exciting opportunities in several global locations.  We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.


Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

  • Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
  • Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
  • Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
  • Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
  • Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services in the modern, evolving, dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.


Role ID – CDT-0013

Role Background

The Cyber and Digital Transformation (CDT) Division advances the Alliance’s agenda on cyber defence and digital transformation, and is developing and coordinating the Alliance’s efforts on countering hybrid threats. The CDT also promotes coherence for Information and Communications Technology (ICT) and cyber security efforts across the NATO Enterprise’s civil and military bodies, ensuring that policies, processes and capabilities are interoperable and aligned with the Alliance’s strategic objectives.

CDT drives NATO’s Digital Transformation. A key objective is to strengthen the ability of Allies and the NATO Enterprise to deter, defend against and counter the full spectrum of cyber and cyber-enabled threats at the speed of relevance, comprehensively across the political, military, and technical levels. In particular, this means strengthening mechanisms and tools to enhance readiness and resilience against cyber threats across the Alliance, with a focus on Mission Vital Infrastructure (MVI).

The Enterprise Cyber Risk Management Supporting Officer supports NATO’s enterprise-wide cyber, artificial intelligence (AI), ICT and cloud technology risk governance by assessing, planning, designing, enhancing, and integrating digital enabling tools underpinning the NATO Enterprise Risk Management (ERM) Framework. The role has a strong focus on cybersecurity vulnerability analysis as a foundation for risk assessments feeding the ERM tool, ensuring that identified technical vulnerabilities are consistently translated into enterprise-level risks, registered and monitored. The position also supports the secure and responsible deployment of AI solutions in the NATO, hybrid or public cloud environment and the integration of cyber-related processes across NATO CIS Operational Authorities (CISOAs) areas of responsibilities.

This role directly supports CDT in its role as NATO Enterprise cybersecurity Risk Owner, strengthening situational awareness, coherence, and decision-making across the NATO Enterprise.

We are looking for a well-rounded professional with excellent technical and communication skills as well as experience in the AI and cybersecurity domain. NATO knowledge would constitute an asset.

Role Duties and Responsibilities

2.1. Development of an Enterprise Risk Management Tool & Portal

  • The contractor shall engage with relevant stakeholders, including NATO committees, Capability Panels, and national SMEs to expand and enhance the Enterprise Risk Management (ERM) tool prototype and portals supporting cyber, vulnerability, and AI risk management. This includes translating complex cyber security specifications, policies, and operational needs into clear, actionable, and testable requirements.

2.2. Develop, coordinate, and support the evolution of the Board of CISOA Portal

  • The contractor shall develop, coordinate, review and maintain the evolution of the Board of CISOA Portal, ensuring alignment with NATO policies and internationally recognized frameworks such as NIST and ISO. This includes supporting the lifecycle of standardization artefacts within NATO governance processes.

2.3. Artificial Intelligence Risk Analysis & Deployment Support

  • The contractor shall support the risk assessment and governance of Artificial Intelligence solutions across NATO.

2.4. Deployment of AI solutions

  • The contractor shall define, document, and maintain cyber security conformance criteria and audit objectives supporting the controlled and secure deployment of AI solutions in NATO infrastructure.

2.5. Enterprise Risk Awareness & Information Sharing

  • The contractor shall improve coherence, situational awareness, and information sharing across NATO in the areas of cyber, vulnerability, and AI-enabled risk management.
    • Support enterprise-level reporting and dashboards for the CDT
    • Weekly updates of the CDT senior management
    • Contribute to common risk taxonomies, metrics, and reporting standards across the Alliance

2.6. Support to Security Accreditation process

  • The contractor shall support the conduct of activities and the development of documents in support of the security accreditation process and relevant task force activities for cloud-based environments and AI-enabled systems, ensuring that emerging technologies are aligned with NATO cyber security standards and best practices.

2.7. Reporting, Briefings, and Technical Communication

  • The contractor shall prepare and deliver briefings, presentations, and reports to NATO committees, Capability Panels, and working groups, clearly communicating technical concepts, progress, and recommendations related to cyber security standards.

2.8. Support to Unforeseen and Ad Hoc Requirements

  • The contractor shall provide support to unforeseen or ad hoc requirements within the scope of AI and cyber security as requested and prioritised by CDT. Such support shall be subject to mutual agreement on scope, effort, and priority.

Essential Skills, Experience and Certifications

  • The candidate must have comprehensive knowledge of the principles of computer communications security, networking, and the vulnerabilities of modern operating systems, applications and cloud.
  • The candidate must have at least three (3) years of demonstrated experience working with national or international CIS and cyber security, including their application and auditing at both governance and operational levels.
  • The candidate must have demonstrated experience in securing cloud-based environments.
  • The candidate must have demonstrated experience in defining and implementing cyber security architectures, including Zero Trust principles.
  • The candidate must have good knowledge of securing AI-enabled systems and data-driven capabilities.
  • The candidate must have experience in the management or delivery of cybersecurity programs across multiple focus areas, including, but not limited to, incidents, risk, and cyber defence.
  • The candidate shall have proven experience in cyber risk management, enterprise risk management, or security governance.
  • The candidate shall have demonstrable experience in vulnerability analysis and risk assessment, including mapping technical findings to business or operational impact.
  • The candidate must have experience working with risk management tools, portals, dashboards, or GRC platforms.
  • The candidate must have a strong understanding of:
    • Vulnerability management and exposure analysis
    • Risk registers, prioritization, and treatment workflows
    • Enterprise CIS environments and dependencies
    • Familiarity with AI concepts and AI-related risks
    • Strong stakeholder coordination skills across technical, operational, and governance domains
  • The candidate must have demonstrated experience operating in an environment with cross-functional teams and complex reporting structures.
  • The candidate must demonstrate strong English writing and speaking communication and presentation skills, including the ability to convey complex cyber security concepts to both technical and non-technical audiences.
  • The candidate shall have demonstrated relevant project management skills and experience in the industry or governmental cyber defence area.
  • The candidate must demonstrate the ability to analyse complex cyber security specifications and translate them into clear, actionable requirements or artefacts.
  • The candidate must demonstrate a strong security-focused and analytical mindset, with attention to detail and problem-solving capability.

Education

  • The candidate must possess a university degree in a relevant engineering or technical field such as computer science, systems science, or an equivalent technical qualification.

Desirable

  • Knowledge of NATO Security Policy and its supporting Directives.
  • Knowledge of the NATO Digital Policy Committee (DPC) and its substructure.
  • Knowledge of NATO CIS Security Accreditation processes, or equivalent national.
  • Recognised professional certifications in cyber security and/or project management.

Working Location

  • Brussels, Belgium

Working Policy

  • Onsite

Travel

  • Some travel to other NATO sites may be required

Security Clearance

  • Valid National or NATO Secret personal security clearance

We never know what new opportunities might be just over the horizon. If this opportunity isn't for you, please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up. 
