, part of the services in this SoW shall be delivered during national public holidays at the respective locations of performance.
Please do
NOT
apply for any NATO contract positions unless you meet ALL the following criteria:
Current National or NATO SECRET clearance
Nationality of one of the NATO member countries
Current work visa for the specific location if applying for an in-country position
Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
Introduction:
The NATO Communications and Information Academy (NCI Academy) offers training on both static and deployed NATO communication and information systems (CIS). This includes Consultation, Command, Control, Communications and Intelligence, Surveillance and Reconnaissance (C4ISR), as well as cyber security and cyber defence. Moreover, the NCI Academy plays an instrumental role in designing, developing and rolling out new learning solutions. This is achieved through comprehensive analysis of training requirements and by leveraging cutting-edge learning technologies.
The NCI Academy also provides a range of education and training services through its Academy Learning Environment (ALE). The ALE governs and strategically coordinates the systems and infrastructure that deliver training, including the Training Management System (TMS), Learning Management System (LMS), Academy Training Network (ATN), and future components such as the Adaptive Learning Platform. These systems support multiple delivery methods, such as classroom training, mobile training, Virtual Instructor-Led Training (VILT), and self-paced training. The ALE relies on technological elements like cloud-hosted services (TMS, LMS), virtual environments via the ATN, local networks, and a Virtual Desktop Infrastructure (VDI) that enables remote access.
To ensure these systems remain secure and compliant, the NCI Academy is outsourcingk Cyber Security Engineering and System Accreditation Support for the ALE. The Contractor shall work in close coordination with, and report to, the Academy Technical Capability (TeC) Team.
Objectives:
Provide expert cyber security engineering support to prepare, maintain, and evidence all documentation required to achieve and sustain accreditation/Authorisation to Operate for all ALE systems in operation. This includes supporting secure design, risk assessments, control implementation traceability, security testing and evaluation evidence, and risk treatment records, in compliance with NATO/NCI Agency security policies and standards. In addition, the Contractor shall support the Academy Technical Capability (TeC) Team by delivering the
following outcomes:
Solution Architecture (Secure by Design):
Design secure architectures for ALE systems (on-premises and cloud), evaluating alternatives and trade-offs (cost, performance, scalability), documenting architectural decisions, and preparing security design inputs and technical plans aligned with enterprise/solution architecture standards. Ensure alignment with enterprise security standards and support change initiatives with technical plans.
Information Security (Controls & Risk):
Apply physical, procedural, and technical controls. Conduct risk and business impact analysis, identify vulnerabilities, and design countermeasures. Support security incident investigations and lessons learnt, support response coordination and track remediation to closure.
Information Assurance & Accreditation:
Lead technical assessments of ALE systems. Define accreditation requirements, gather evidence, and coordinate with stakeholders throughout the accreditation lifecycle. Ensure traceability of controls and contribute to assurance processes.
System Hardening & Compliance Support:
Collaborate with system and network administrators, as well as developers, to implement hardening measures across systems and applications, ensuring compliance with security best practices and organizational standards.
