About this NATOIS-0043 ICT Security Architect (NS) - WED 22 Jul role at EMW, Inc.
Deadline Date: Wednesday 22 July 2026
Requirement: ICT Security Architect
Location: Brussels, BE
Full Time On-Site: Flexibility for part-time teleworking
Total Scope of the request (hours): On the basis of 38 hours per week, a total of 2500 hours is requested until 31/08/2028. There is a possibility to work 28-32 hours per week.
Period of Performance: 01 Sep 2026 – 31 December 2026 (~500 hours)
Extension options:
Option 1: 01 January – 31 December 2027 (~1200 hours)
Option 2: 01 January – 31 August 2028 (~800 hours)
Required Security Clearance: NATO SECRET
Note: For all Level-of-Effort and Completion-Type requests processed outside of the IWC Value Stream, and for which the contractor will not be reimbursed directly by NCIA for travel expenses, additional travel funding shall be allocated on a Not-to-exceed basis when the yearly Option is exercised.
Profile Description Summary: The Information and Communication Technology Management (ICTM) Directorate has a portfolio of ICT-related projects with a diverse nature, some rather infrastructure related and others related to software acquisition and development. ICTM has a requirement for an expert in ICT security architecture for these projects.
Their efforts will focus on supporting the work of the Security Authority being the JISD/NOS, in particular with security architecture advice and guidance to ICT-related projects and with security auditing activities.
Division: International Staff (IS) - ICTM
Mission: ICTM provides support and services to the North Atlantic Council (NAC), its Committees, IS and IMS staff, and, when required, to Member and Partner Nation Delegations based in the HQ. The Directorate comprises of two pillars: Information Communication Technology (ICT) and Digital Information Management Services (DIMS).
Vision: ICTM is a recognised and trusted Directorate for the implementation of ICT-related projects for the IS. PRINCE2 has been adopted as methodology. In order to guarantee the (cyber-) security of systems that are being implemented, ICTM follows a security approval process, agreed by the Security Authority. As part of this process, security-related documentation needs to be submitted to a variety of stakeholders for review and approval.
Background: The incumbent will be embedded in the Security Architect Authority, being the Joint Intelligence and Security Division/NATO Office of Security (JISD/NOS), in order to enable the Security Approval/Accreditation Process of ICTM-led projects. In the past years ICTM and JISD/NOS have developed templates and examples of the documentation set that needs to be submitted as part of a Security Approval/Accreditation Process, as well as specific procedures applicable within the NHQ CIS Governance. These templates and procedures will be made available to the expert.
Objectives:
- Provide security architecture-related advice to NHQ ICT-related projects
- Contribute to the oversight of the Security Approval/Accreditation process of NHQ ICT-related projects and to CIS Security Risk Management activities
- Support the security auditing activities of JISD/NOS
Scope of Work:
Security Architecture and Risk Management:
- Provide security-related advice and guidance to project managers and other project stakeholders regarding ecurity design matters throughout the entire project lifecycle, including security approval-related activities;
- Perform Security Risk Assessments and make recommendations for risk mitigation and acceptance
Security Architect/Approval:
- Review security-related documents or Approval/Accreditation Documentation Sets (ADS) from
- ICT-projects including but not limited to Security Test and Verifications, Security Audit Reports, etc.;
- Draft security recommendations and Security Approval/Accreditation letters
Security Auditing:
- Contribute as necessary to the Security Auditing activities
- Ensure continuous functionality of the SIEM / UEBA systems and that all relevant security logs are properly ingested
- Develop custom SIEM / UEBA queries, reports and dashboards in order to support and enhance Security Auditing activities
Project Team member:
- As required, to develop security-related documentation such as Security Architecture including non-functional requirements, based on project scope
- Make recommendations as necessary on how to improve the existing processes or templates
- Represent the team in internal meetings related to cybersecurity.
Reporting: Bi-weekly status reports to NATO supervisor
Duties and Role:
- Security Architecture Advice and Guidance to Project Managers;
- CIS Security Risk Management;
- Review of ADSs from security architecture perspective;
- Assess ADS requests;
- Contribute to Security Audit activities;
- Contribute to the continuous improvement of internal processes;
- Other security-related duties as required by the NATO supervisor.
Location: The Service will be 100% at NATO Headquarters in Brussels. Due to the nature of the service, there will be flexibility for part-time teleworking from Belgium
Period of Performance: The services of the contractor are required for the period starting 1st September 2026 until 31st December 2026.
Option 2027: 01 January until 31 December 2027
Option 2028: 01 January until 31th August 2028.
Travel: None to minimal travel is expected.
Requirements
REQUIRED EXPERTISE AND QUALIFICATION
- The candidate must have a currently active NATO SECRET security clearance
- Minimum 8 years of experience in ICT security-related functions;
- Proven, strong expertise in ICT security architecture and security Accreditation/Approval process;
- Experience in participating in ICT systems and applications implementations.
- Experience in both on-premise and cloud deployments.
- Experience with SIEM and UEBA technologies and tools.
- Ideally, the incumbent should also have experience in working: in an international organization or governmental environment; in a classified environment; within complex multi-stakeholders environments; with log analytics and user behavior monitoring and auditing.
- Technically oriented university degree (information management, electronic engineering, etc.) or equivalent completed advanced vocational training;
- Proven understanding and technical knowledge of the ICT infrastructure & security services (directory services, database, PKI, firewall, etc.), latest software technologies either on-premises or cloud-based;
- Good understanding of project management methodologies and tools (e.g. PRINCE2);
- Good knowledge of security architecture frameworks and methodologies (e.g. SABSA)
- Proven experience in organizing workshops and conducting meetings and presentations;
- Excellent drafting and communication skills;
- Desirable: knowledge and practice of NATO CIS security related directives.
- Desirable: national certification on cybersecurity risk management or security accreditation processes (e.g. Prestataires d’accompagnement et de conseil en sécurité des systèmes d’information (PACS), IT-Grundschutz, ENS)
- Desirable: formal training or certifications on SIEM or UEBA/UAM tools (e.g. Splunk, Everfox suite)
- Desirable: Artificial Intelligence (AI) related security architecture
- Language requirements: Possess the following minimum levels of NATO’s official languages (English): V (“Advanced”)