3906 Enterprise Cloud Expert Support Services
- Cloud Security Engineering and Architecture Support
- Accreditation Support and Delivery
- Cyber Risk Assessments and Risk Treatment Planning
The Cyber and Digital Transformation (CDT) Division advances the Alliance's agenda on cyber defense and digital transformation, and is developing and coordinating the Alliance's efforts on countering hybrid threats. The CDT also promotes coherence for Information and Communications Technology (ICT) and cyber security efforts across the NATO Enterprise's civil and military bodies, ensuring that policies, processes and capabilities are interoperable and aligned with the Alliance's strategic objectives.
CDT drives NATO's Digital Transformation, a key objective is to strengthen the ability of Allies and the NATO Enterprise to deter, defend against and counter the full spectrum of cyber and cyber\-enabled threats at the speed of relevance, comprehensively across the political, military, and technical levels. In particular, strengthen mechanisms and tools to enhance readiness and resilience against cyber threats across the Alliance, focusing in particular on Mission Vital Infrastructure (MVI).
The Enterprise Cyber Risk Management Supporting Officer supports NATO's enterprise\- wide cyber, artificial intelligence (AI), ICT and cloud technology risk governance by assessing, planning, designing, enhancing, and integrating digital enabling tools underpinning the NATO Enterprise Risk Management (ERM) Framework. The role has a strong focus on cybersecurity vulnerability analysis as a foundation for risk assessments feeding the ERM tool, ensuring that identified technical vulnerabilities are consistently translated into enterprise\-level risks, registered and monitored. The position also supports the secure and responsible deployment of AI solutions in the NATO, hybrid or public cloud environment and the integration of cyber\-related processes across NATO CIS Operational Authorities (CISOAs) areas of responsibilities.
This role directly supports CDT in its role as NATO Enterprise cybersecurity Risk Owner, strengthening situational awareness, coherence, and decision\-making across NATO Enterprise.
2\. TASKS
The NATO CDT division requires a professional who can provide expertise in support of analysis, coordination, and development of documents and strategies to enhance the NATO Enterprise cybersecurity posture in the realm of cybersecurity and Cloud. The contractor will contribute to the design and evolution of cybersecurity risk assessments in support of Cloud, artifacts within the cyber security domain, working closely with subject matter experts and relevant NATO stakeholders. The contractor shall provide the following services in an effective and timely manner:
2\.1 Cloud Security Engineering and Architecture Support
Description
Support the secure design and implementation of cloud\-based solutions (IaaS/PaaS/SaaS), including security architecture patterns, hardening baselines, secure connectivity, identity and access management, logging/monitoring, encryption/key management, and secure CI/CD practices.Measurement: Success will be measured by the delivery of analysis and reports supporting the implementation of cloud\-based solutions in accordance with specific requirements from the management. Timely and accurate delivery of products, artifacts and reports. Clear, concise and comprehensive documentation, dashboards, briefings and registries.
Timeline: Continuously throughout the period of performance.
2\.2\. Accreditation Support and Delivery
Description
Support the end\-to\-end security accreditation process through coordination and oversight, ensuring the right stakeholders are engaged, activities are planned, dependencies are managed, and progress is tracked. Facilitate collection and consolidation of inputs and evidence from engineering/service teams, support resolution of issues and findings, and provide status reporting and decision\-support to accreditation stakeholders.Measurement: Success will be measured by the delivery of clear, concise and comprehensive documentation providing an overview on plans and activities conducted in accordance with specific requirements from the management.
Timeline: Continuously throughout the period of performance, with key deliverables aligned to governance cycles.
2\.3\. Cyber Risk Assessments and Risk Treatment Planning
Description
Conduct and/or coordinate cyber risk assessments for cloud services and supporting components, ensuring risks are clearly articulated, assessed, documented, and tracked with pragmatic risk treatment options.Measurement: Success will be measured by the timely and accurate delivery of risk assessments and governance artifacts in compliance with applicable frameworks, and alignment with operational cyber security requirements.
Timeline: Continuously throughout the period of performance, with key deliverables aligned to governance cycles.
2\.4\. Continuous Assurance, Security Posture and Compliance Monitoring
Description
Define and support continuous assurance approaches for cloud environments (e.g., control monitoring, vulnerability management, configuration compliance, audit readiness), including reporting that enables operational and executive decision\-making. Support the controlled and secure deployment of Cloud solutions:- Oversee and support projects to implement Cloud solutions across the NATO Enterprise
- Support assurance, accreditation, and lifecycle risk management enabling automation of compliance verification wherever feasible
- Timely and accurate delivery of reports and products
Timeline: Initial development by the end of Q4 2026, with continuous updates and refinement thereafter.
2\.5\. Stakeholder Management and Coordination
Description
Engage and coordinate multiple stakeholders (technical teams, service owners, risk owners, operational authorities, security/accreditation stakeholders) across locations to align on security requirements, risk posture, and delivery priorities. Prepare and deliver briefings and decision\-support materials.Measurement: Success will be measured by the effective and timely feedback provided by and to stakeholders on different documents and products. Accurate reports and products are required.
Timeline: Continuously throughout the period of performance.
2\.6\. Support to Security Accreditation process
Description
The contractor shall support the conduction of activities and development of documents in support of the security accreditation process and relevant task force activities for cloud\-based environments and AI\-enabled systems, ensuring that emerging technologies are aligned with NATO cyber security standards and best practices.- Support organization, reporting and inputs to the CDT Security Accreditation Task Force
- Weekly updates to the Task Force and relevant boards
- Contribute to risk analysis and products on AI (where applicable) and security accreditation
Timeline: Continuously throughout the period of performance.
2\.7\. Reporting, Briefings, and Technical Communication
Description
The contractor shall prepare and deliver briefings, presentations, and reports to NATO committees, Capability Panels, and working groups, clearly communicating technical concepts, progress, and recommendations related to cyber security standards.Measurement: Success will be measured by the timely delivery of high\-quality reports and presentations, documented briefings, and stakeholder feedback demonstrating clarity, relevance, and effectiveness of communication.
Timeline: Continuously throughout the period of performance.
2\.8\. Support to Unforeseen and Ad Hoc Requirements.
Description
The contractor shall provide support to unforeseen or ad hoc requirements within the scope of cyber security, Cloud, AI, and interoperability as requested and prioritized by CDT. Such support shall be subject to mutual agreement on scope, effort, and priority.Measurement: Success will be measured by the timely and effective delivery of agreed support activities, as documented in tasking requests, and acceptance of outputs by CDT.
Timeline: Continuously throughout the period of performance.
3\. TIMELINES
The services of the contractor are required for the period 15 August 2026 until 31st December 2026\.
Possible extension of the contract in 2027 and 2028\. Contract extensions are subject to performance of the contractor, budget availability and related NATO regulations.
4\. SPECIFIC WORKING CONDITIONS
The work will be performed in an office\-based environment within a secure setting, under standard working hours. Occasional non\-standard working hours may be required to support urgent or high\-priority tasks.
5\. TRAVEL
The contractor will be expected to undertake business travel in support of specification development and coordination with security engineering stakeholders across NATO entities.
The frequency and duration of travel will depend on operational requirements and tasking needs.
Travel expenses will be reimbursed to the individual directly (in addition to the hourly rate) under NATO rules. Travel to Shape will not be reimbursed.
6\. SECURITY AND NON\-DISCLOSURE AGREEMENT
The contractor must be in possession of a NATO SECRET security clearance.
The contractor will be required to sign a Non\-Disclosure Agreement prior to commencing work.
Requirements
7\. REQUIREMENTS
Cette annonce provient de indeed. Voir l'annonce originale ↗