Requirement: Cyber Security Accreditation Support
Location: Braine-L'Alleud, Belgium
Cost Not to Exceed: 13,950 EUR per sprint
Period of Performance: As soon as possible but not later than 1 September 2026 until 31 December 2026
Required Security Clearance: NATO SECRET
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:
- Current National or NATO SECRET clearance
- Nationality of one of the NATO member countries
- Current work visa for the specific location if applying for an in-country position
Introduction
The ITM Recovery Increment 1 (ITM RC1) project will replace the legacy Automated Information Systems (AIS) NS classification network with a modernized ITM Operational Network (ON) at NS in a private cloud across the NATO Command Structure (NCS). The project structure includes 14 Work Packages, organized in 4 pillar teams with about 30 people interacting daily with each other and externally too. This RFQ falls under WP02 Cyber Security scope.
Obectives
The NCI Agency is seeking to engage a suitably qualified and experienced CIS Security Accreditation Specialist to support its Cybersecurity and Accreditation activities. The Contractor personnel shall provide expert advice, conduct security risk assessments, and manage the full lifecycle of security accreditation documentation for NATO Communication and Information Systems (CIS).
Scope of Work
The Contractor personnel shall deliver the following services throughout the contract period:
Security Accreditation Advisory
Provide security accreditation advice and guidance to NCI Agency Project and System Managers across the full lifecycle of NATO CIS.
Act as the focal point between NCI Agency and NATO Security Accreditation Authorities (SAAs).
Build and sustain effective communications with Security Accreditation Boards, NATO SAAs, and NCI Agency organisational units supporting the accreditation process.
Security Risk Assessment
Conduct Security Risk Assessments (SRA) in support of NATO CIS projects, including identification of threat levels and vulnerabilities for all assets comprising NATO CIS, derivation of residual risks, and provision of risk management recommendations.
Accreditation Documentation
Identify, plan, request, and manage the development of all required accreditation documentation, including but not limited to the CIS Description, Security Accreditation Plan (SAP), Security Risk Assessment Report (SRAR), Security Requirement Statements (SRS), Security Operating Procedures (SecOPs), and Security Test and Verification Plan (STVP).
Subject Matter Expertise and Coordination
Stay abreast of technological developments relevant to cybersecurity, network security, and cloud security.
Provide subject-matter-related briefings and presentations to NCI Agency stakeholders and management.
Coordinate and cooperate with activities across other Business Areas within NCI Agency.
Perform any other related duties as directed by the section head.
Requirements
Mandatory Requirements
Qualifications
- The candidate must hold a university degree in Information Security, Telecommunications, Electronics, or Avionics.
- Alternatively, in the absence of such a degree, the candidate must have compensating relevant professional experience and hold at least one of the following certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager).
- The candidate must have at least 2 years of experience in Security Accreditation of major Communication and Information Systems (CIS) within acquisition and/or development programmes for a large organisation.
- The candidate must have at least 2 years of experience applying security risk assessment methodologies and tools.
- The candidate must have at least 2 years of experience in the planning, design, and implementation of security components for major CIS.
- The candidate must have a proven ability to communicate effectively both orally and in writing.
- The candidate must have demonstrated briefing and presentation skills to senior stakeholders.
- Demonstrated interest and expertise in Cyber Security, Network Security, and Cloud Security is desirable and will be positively weighted during technical evaluation.
- Familiarity with international security standards, in particular ISO/IEC 27001, is desirable and will be positively weighted during technical evaluation.
- Experience working in or with NATO or other international defence organisations is desirable and will be positively weighted during technical evaluation.
- Any resource proposed for this Statement of Work requires a valid NATO SECRET security clearance prior to the start of the engagement.


