13043
03-12-2024
Enterprise Cybersecurity Incident Coordinator
NATO Headquarters in Brussels, BE

OCIO-0048, Enterprise Cybersecurity Incident Coordinator

Duties

The contractor must be able to perform the following tasks effectively and efficiently, with minimal supervision:

Ensure readiness and response

  • Support the Enterprise Cyber Incident Manager (ECIM) in triage, coordination and response efforts;
  • Identify, develop and coordinate mitigation and remediation actions, in order to ensure a coherent response, Enterprise-wide, to identified cyber events and incidents of interest;
  • Liaise with a wide range of NATO Enterprise stakeholders to ensure accurate information sharing and mitigation actions are communicated in a timely manner.

Reporting

  • Prepare and conduct (as required) Cyber Incident Task Force (CITF) meetings; track progress on lines of effort and escalate issues to ECIM when required;
  • Provide administrative support to the planning, conduct and reporting of CITFs and Incident Coordination and Decision-Making Groups (ICDMGs);
  • Prepare internal communication products on NATO Enterprise cyber incidents, including records of meetings and cyber incident reports for senior leadership.

Evolve Enterprise Cyber Incident Management

  • Support ECIM in the development and implementation of the Enterprise cyber incident management Directive and Framework;
  • Support the annual update of the Cyber Incident Response Plan (CIRP) and develop its supporting annexes and handbooks;
  • Support the preparation, conduct and evaluation of the annual OCIO-led Exercise Enterprise Pathfinder (ENPAF), a key exercise for the Enterprise to ensure readiness to handle cyber security incidents;
  • Help ensure that the lessons identified in previous ENPAF iterations and CITFs become lessons learned in the Enterprise cyber incident management process;
  • Support ECIM in the preparation and participation in other cyber-related exercises.

Requirements

Performing work under this SOW requires the following qualifications:

  • A degree from a university or establishment of similar standing;
  • At least 3 years of experience in cybersecurity incident management and response, preferably in a large organization;
  • Experience in cyber incident management exercise planning processes and scenarios;
  • Experience in the development of processes and cybersecurity incident response plans, preferably in a large organization;
  • Experience in the provision of cybersecurity advice and guidance following incidents happening in and through cyberspace;
  • Knowledge and experience coordinating with multiple stakeholders during the response activities to cybersecurity-related incidents in large, geographically dispersed organizations;
  • Excellent knowledge of, and experience with, cybersecurity incident response best practices;
  • A good knowledge of the principles, policy and procedures governing cybersecurity, preferably in military and/or defence organizations;
  • The ability to draft clear and concise reports, and to produce and maintain cybersecurity incident reports, security and risk logs and systems in support of cybersecurity incident response activities.

Desirable

  • Cybersecurity certifications such as CISSP or CISM, or an equivalent post-graduate degree in cybersecurity;
  • Experience within NATO in leading cyber incident response activities;
  • Experience in incident management tools;
  • Knowledge of the NATO organization, its security policy and supporting directives.
