
Enterprise Cloud Security Specialist
SpektrumSummary
Spektrum is seeking an Enterprise Cloud Security Specialist for a role supporting the NATO Communication and Information Agency (NCIA) in Brussels, Belgium. The position focuses on cyber defence and digital transformation, specifically enhancing NATO's enterprise-wide cyber, AI, ICT, and cloud technology risk governance. The specialist will assess, plan, design, and enhance digital tools underpinning the NATO Enterprise Risk Management (ERM) Framework, with a strong emphasis on cybersecurity vulnerability analysis for cloud environments and secure AI solutions. This role is crucial for strengthening situational awareness and decision-making across NATO Enterprise.
Required Skills
Details
- Experience Required
- 5+ years
- Education Required
- Bachelor's
- Work Authorization
- Security Clearance
- Posted
- Jul 3, 2026
Description
Spektrum have a wide range of exciting opportunities in several global locations. We are always looking to add great new talent to our team and look forward to hearing from you.
Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.
Who we are supporting
The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.
The NCIA provides a wide range of services, including:
- Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
- Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
- Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
- Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
- Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.
Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.
The program
Assistance and Advisory Service (AAS)
The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.
To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.
Role ID – CDT-0016
Role Background
The Cyber and Digital Transformation (CDT) Division advances the Alliance’s agenda on cyber defence and digital transformation, and is developing and coordinating the Alliance’s efforts on countering hybrid threats. The CDT also promotes coherence for Information and Communications Technology (ICT) and cyber security efforts across the NATO Enterprise’s civil and military bodies, ensuring that policies, processes and capabilities are interoperable and aligned with the Alliance’s strategic objectives.
CDT drives NATO’s Digital Transformation, a key objective is to strengthen the ability of Allies and the NATO Enterprise to deter, defend against and counter the full spectrum of cyber and cyber-enabled threats at the speed of relevance, comprehensively across the political, military, and technical levels. In particular, strengthen mechanisms and tools to enhance readiness and resilience against cyber threats across the Alliance, focusing in particular on Mission Vital Infrastructure (MVI).
The Enterprise Cyber Risk Management Supporting Officer supports NATO’s enterprise- wide cyber, artificial intelligence (AI), ICT and cloud technology risk governance by assessing, planning, designing, enhancing, and integrating digital enabling tools underpinning the NATO Enterprise Risk Management (ERM) Framework. The role has a strong focus on cybersecurity vulnerability analysis as a foundation for risk assessments feeding the ERM tool, ensuring that identified technical vulnerabilities are consistently translated into enterprise-level risks, registered and monitored. The position also supports the secure and responsible deployment of AI solutions in the NATO, hybrid or public cloud environment and the integration of cyber-related processes across NATO CIS Operational Authorities (CISOAs) areas of responsibilities.
This role directly supports CDT in its role as NATO Enterprise cybersecurity Risk Owner, strengthening situational awareness, coherence, and decision-making across NATO Enterprise.
We are looking for a well-rounded professional with excellent technical and communication
skills as well as experience in the Cloud and cybersecurity domain. NATO knowledge would
constitute and asset
Role Duties and Responsibilities
Cloud Security Engineering and Architecture Support
- Support the secure design and implementation of cloud-based solutions (IaaS/PaaS/SaaS), including security architecture patterns, hardening baselines, secure connectivity, identity and access management, logging/monitoring, encryption/key management, and secure CI/CD practices.
Accreditation Support and Delivery
- Support the end-to-end security accreditation process through coordination and oversight, ensuring the right stakeholders are engaged, activities are planned, dependencies are managed, and progress is tracked. Facilitate collection and consolidation of inputs and evidence from engineering/service teams, support resolution of issues and findings, and provide status reporting and decision-support to accreditation stakeholders.
Cyber Risk Assessments and Risk Treatment Planning
- Conduct and/or coordinate cyber risk assessments for cloud services and supporting components, ensuring risks are clearly articulated, assessed, documented, and tracked with pragmatic risk treatment options.
2.4. Continuous Assurance, Security Posture and Compliance Monitoring
- Define and support continuous assurance approaches for cloud environments (e.g., control monitoring, vulnerability management, configuration compliance, audit readiness), including reporting that enables operational and executive decision-making. Support the controlled and secure deployment of Cloud solutions:
- Oversee and support projects to implement Cloud solutions across the NATO Enterprise
- Support assurance, accreditation, and lifecycle risk management enabling automation of compliance verification wherever feasible
- Timely and accurate delivery of reports and products
Stakeholder Management and Coordination
- Engage and coordinate multiple stakeholders (technical teams, service owners, risk owners, operational authorities, security/accreditation stakeholders) across locations to align on security requirements, risk posture, and delivery priorities. Prepare and deliver briefings and decision-support materials.
Support to Security Accreditation process
- The contractor shall support the conduction of activities and development of documents in support of the security accreditation process and relevant task force activities for cloud-based environments and AI-enabled systems, ensuring that emerging technologies are aligned with NATO cyber security standards and best practices. Support organisation, reporting and inputs to the CDT Security Accreditation Task Force
- Weekly updates to the Task Force and relevant boards
- Contribute to risk analysis and products on AI (where applicable) and security accreditation
Reporting, Briefings, and Technical Communication
- The contractor shall prepare and deliver briefings, presentations, and reports to NATO committees, Capability Panels, and working groups, clearly communicating technical concepts, progress, and recommendations related to cyber security standards.
Support to Unforeseen and Ad Hoc Requirements.
- The contractor shall provide support to unforeseen or ad hoc requirements within the scope of cyber security, Cloud, AI, and interoperability as requested and prioritised by CDT. Such support shall be subject to mutual agreement on scope, effort, and priority.
Essential Skills, Experience and Certifications
- The candidate must have comprehensive knowledge of the principles of computer communications security, networking, and the vulnerabilities of modern operating systems, applications and cloud.
- The candidate must have demonstrated experience in securing cloud-based environments.
- The candidate must have proven senior experience in cloud security engineering, including architecture and implementation of security controls in complex enterprise environments.
- The candidate must have demonstrated experience in defining and implementing cyber security architectures, including Zero Trust principles.
- The candidate must have experience in the management or delivery of cybersecurity programs across multiple focus areas, including, but not limited to, incidents, risk, and cyber defence.
- The candidate shall have proven experience in cyber risk management, enterprise risk management, or security governance.
- The candidate shall have demonstrable experience in vulnerability analysis and risk assessment, including mapping technical findings to business or operational impact.
- The candidate must have demonstrated experience in operating in an environment with cross functional teams and complex reporting structures.
- The candidate must demonstrate strong English writing and speaking communication and presentation skills, including the ability to convey complex cyber security concepts to both technical and non-technical audiences.
- The candidate shall have demonstrated relevant project management skills and experience in industry or governmental cyber defence area.
- The candidate must demonstrate the ability to analyse complex cyber security specifications and translate them into clear, actionable requirements or standards artefacts.
- The candidate must have proven experience coordinating work across multiple stakeholders (technical and executive), including facilitation, negotiation, prioritisation, and production of decision briefs.
- The candidate must have Knowledge of relevant risk/security frameworks and standards (e.g., ISO 27001/27005, NIST, or equivalent) and the ability to apply them pragmatically in cloud contexts.
- The candidate must demonstrate a strong security-focused and analytical mindset, with attention to detail and problem-solving capability.
Education
- The candidate must possess a university degree in a relevant technical field such as computer science, systems science, or an equivalent technical qualification.
Desirable
- Knowledge of NATO Security Policy and its supporting Directives
- Knowledge of the NATO Digital Policy Committee (DPC) and its substructure.
- Knowledge of NATO CIS Security Accreditation processes, or equivalent national processes.
- Recognised professional certifications in cyber security and/or project management are desirable. These include:
- CCSP (Certified Cloud Security Professional).
- CISM or CRISC (ISACA).
Working Location
- Brussels, Belgium
Working Policy
- Onsite
Travel
- Some travel to other NATO sites may be required
Security Clearance
- Valid National or NATO Secret personal security clearance
We never know what new opportunities might be just over the horizon. If this opportunity isn't for you, please feel free to send us your resume anyway and be the first to know if something suitable for your skills and experience comes up.
