Cybersecurity Change Management Specialist

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.


• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.


• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.


• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.


• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. Mission

The NCSC Service Delivery Support Section (SDSS) is dedicated to centralizing the coordination of cyber security services delivery in a matrix organizational environment. Our mission is to orchestrate the entire service lifecycle, ensuring that services align to and follow enterprise strategy, policy, and directives established by the NCI Agency management, Chief Operating Officer, Chief Service Operations, Chief Technology Officer, Finance and Acquisition departments. We work closely with Service Area Owners and Service Delivery Managers to enable standardized and effective service delivery. In order to execute this work, the NCI Agency requires support with the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security and cyber defence. This Statement of Work (SoW) specifies the required skillset and experience.

Our vision at the NCSC Service Delivery Support Section (SDSS) is to become the central coordination point for cyber security service delivery, enabling seamless and transparent end-to-end delivery of services to our customers. We will achieve this by operating in and leading three core areas that are detrimental for quality service delivery: Service Design, Service Transition, and Service Operations. These areas leads will guide the Service Area Owners and Service Delivery Managers, provide advice and ad-hoc support with their challenges in Service Management. SDSS will also act a single source of truth in Service Delivery metrics and quality, and will provide centralized and coordinated responses to enterprise-level inquiries and reporting requirements.

Role Duties and Responsibilities

Daily Service Requests review

The purpose of daily service requests review is to monitor all incoming Change Requests as well as Service Requests that do not meet the criteria of the pre-approved “Standard Changes” and re-direct them through the Change Management process. The personnel will:

• Support the team by routinely reviewing the tickets queue to ensure 4 hours response time


• Multi-channel support (phone, email, internal chat) for change reporting


• Develop and maintain a change and configuration management dashboard to reflect up-to-date change status at all times


• Provide regular reporting on change and configuration management performance


• Escalate critical requests to appropriate channels within 4 hours

Technical Review Board

The personnel will: Provide meeting minutes

• The primary purpose of TRBs is to ensure that all Change Requests are properly prepared (investigated, evaluated and risk assessed) for consideration by the D-CAB based on input from all stakeholders who have a vested interest in the Change Requests. Change Manager is expected to lead the meetings and should have sufficient knowledge in Hardware, Systems, Networks, and Cyber Security Tools.

Release and Governance Board

The personnel will:

Provide meeting minutes

• The primary purpose RGBs is to control the Release and Deployment of all CRs approved by the D-CAB. The RGB maintains the scheduling for deployment, cutover and testing of the CRs to ensure the correct implementation of the changes and verify that implementation has not caused any regression of other services, and report them to the D-CAB. Should RGB would not be required or applicable for the week TRB may replace the activity.

Domain Change Advisory Board

The personnel will:

• Provide meeting minutes of analysis of change request monitoring and analysis of events across the Client's networks Internal Change Advisory Board that is chaired by Infrastructure Branch Head to make an informed decision on the Change Manager outputs (assessment, compliance, risk, recommendation).

Ad-hoc SME support sessions

The personnel will:

• Attend the meeting with various stakeholders and senior decisions-making staff


• Create reports that will include the elements in the table below:

Half a day, “open door” session (remotely) where consultancy and advise are provided to interested stakeholders:

• CR processes and governance in general;


• CR updates;


• CR informal planning;


• Other Business.

Configuration Management Database updates

The personnel will:

• Maintain and update over 5,000 records Configuration Items DB


• Address ad-hoc requirements for CI inquiries


• Maintain CMDB access and dashboard in PowerBI

Enterprise Change Management Board

The personnel will:

• Provide meeting minutes and reports

Internal Reporting

The personnel will:

• Provide reporting to NCSC Service Transition Area Lead who is reporting to Service Delivery Support Section Head.


• Create regular reports on change management activities, including successes and areas for improvement

Essential Skills and Experience

• Previous experience in Sr. Change Manager position


• Experience in Cyber Security domain (SIEM, Computer Forensics, Vulnerability Assessment, Network intrusion prevention, Full packet capture, Public Key Infrastructure, Crypto)


• Proven experience in developing and implementing ITIL v3/v4 service management processes and procedures.


• A solid understanding of change management methodologies, tools and techniques and how to apply them effectively.


• Experience working within a matrix management environment.


• Experience of managing change across a global organization.


• Five or more years of relevant change and configuration management experience at management level.


• Five or more years of experience supporting business process/systems changes.


• Advanced level working knowledge of Network design (IP addressing, Routing/Switching, high availability).


• Advanced level of working knowledge of System design (Virtualization, Operating Systems, Back-up and recovery).

Personal qualities required

• Strong stakeholder management skills – can demonstrate evidence of developing and maintaining strong and effective relationships with internal stakeholders at all levels in an organization.


• Flexible and adaptable; able to work in ambiguous situations.


• Excellent coaching skills.


• Excellent communication skills, both written and verbal.

Minimum qualifications required

• Official Project Management certification (Prince2, PMP, PMBOK)


• Official Network Management certification (CCNA, Network+)


• Official Service Management certification (ITIL Foundation, ITIL Transition)


• Information Security or Service Management awareness (ISO 27001/ISO 20000)

Working Location

• Mons, Belgium

Working Policy

• On-Site

Travel

• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance