Cloud Governance and Risk Manager
Spektrum have a wide range of exciting opportunities in several global locations.
We are always looking to add great new talent to our team and look forward to hearing from you.
Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.
Who we are supporting
The NATO Communications and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.
The NCIA provides a wide range of services, including:
- Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
- Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
- Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
- Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
- Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.
Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.
The program
Assistance and Advisory Service (AAS)
The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.
To provide these critical services in a modern, evolving and dynamic environment, the NCI Agency needs to build and maintain a high-performance, engaged workforce. The NCI Agency workforce strategically consists of three major categories: NATO International Civilians (NICs), Military (Mil), and Interim Workforce Consultants (IWCs). The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.
Role Background
To address the complex nature of cloud transformation, the NATO Enterprise Cloud Operating Model (NECOM) has been designed to facilitate and harmonize a common approach towards leveraging cloud services across the NATO Enterprise, ensuring the effectiveness, security, compliance, and interoperability of all its different cloud environments while maintaining coherence and synchronization with extant capability planning processes. Key elements of NECOM include the Cloud Strategy Group (CSG) and the Cloud Service Broker (CSB) functions. The CSB function is composed of a multi-disciplinary team with expertise extending across the domains necessary to efficiently build and operate cloud services, such as technology, project management, financial management, acquisition and legal. NCIA is responsible for implementing the CSB. To support the strategic success of the Cloud Service Broker (CSB), the NCIA Chief Technology Office - Cloud Centre of Excellence (CTO-CCoE) seeks support for orchestrating various initiatives related to establishing a cloud service provider security trust assurance and risk registry.
Role Duties and Responsibilities
- Program and Project Management: Orchestrate and manage initiatives focused on establishing a security trust assurance and risk registry for cloud service providers, readiness for security accreditation and other initiatives as required.
- Compliance Management: Ensure cloud service providers comply with their shared responsibility model as per the custom organizational security framework.
- Pilot Programs: Lead and manage pilot programs with major cloud service providers to test and validate compliance and security measures.
- Security Accreditation: Drive efforts to achieve security accreditation for cloud systems, ensuring adherence to NATO policies and directives.
- Stakeholder Collaboration: Collaborate with internal and external stakeholders, including security teams, cloud service providers, and regulatory bodies.
- Risk Management: Identify, assess, and mitigate risks associated with cloud service provider security and compliance.
- Documentation and Reporting: Maintain comprehensive documentation and provide regular reports on program status, compliance metrics, and risk assessments.
- Training and Development: Develop and deliver training programs to enhance the cloud security knowledge and skills of team members.
- Continuous Improvement: Implement continuous improvement processes to enhance the efficiency and effectiveness of cloud security programs.
- Cloud Auditing: Plan and oversee the auditing of cloud service providers to ensure compliance with security standards and frameworks.
- Compliance as Code: Implement and manage compliance as code practices to automate security and compliance checks within cloud environments.
- Strategic Planning: Contribute to the strategic planning of cloud security initiatives, aligning them with organizational goals.
Essential Skills and Experience
- Minimum of 7 years of experience in technical program management, with a focus on cloud security and compliance.
Certifications:
- Project Management Professional (PMP), Prince2 or Certified ScrumMaster (CSM)
- Certified Cloud Security Professional (CCSP)
- Certificate of Cloud Security Knowledge (CCSK)
- Certificate of Cloud Auditing Knowledge (CCAK)
- Other certifications demonstrating strong experience of cloud security
Technical Skills:
- In-depth knowledge of cloud security frameworks and standards (e.g., CSA STAR, NIST, ISO/IEC 27001).
- Proficiency in cloud platforms (AWS, Azure, Google Cloud).
- Strong understanding of the shared responsibility model in cloud computing.
- Successful track record of advising complex international organizations on cloud governance, cloud compliance, and cloud auditing.
- Experience with continuous assurance and compliance (e.g., automation, compliance as code).
Programmatic Skills:
- Excellent project management skills, including planning, execution, and monitoring.
- Strong analytical and problem-solving abilities.
- Effective communication and stakeholder management skills.
- Ability to lead cross-functional teams and drive results.
Preferred Qualifications:
- Experience with security trust assurance and risk registries.
- Familiarity with security accreditation processes and standards.
- Proven track record of managing complex cloud security projects.
Others:
- The Contractor must have the nationality of one of the NATO nations.
Education
- Bachelor's degree in Computer Science, Information Technology, or a related field. A Master's degree is preferred.
Working Location
- The Hague, Netherlands
Working Policy
- On-Site
Travel
- Some travel to other NATO sites may be required
Security Clearance
- Valid National or NATO Secret personal security clearance
We never know what new opportunities might be just over the horizon. If this opportunity isn't for you please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.