CDT-0013 Enterprise Cyber Risk Management Support Services (NS) BELGIUM - 10 Jul

Deadline Date: Friday 10 July 2026
 
Requirement: Enterprise Cyber Risk Management Support Services
 
Location: Brussels, BELGIUM
 
Full Time On-Site: Yes
 
Time On-Site: 100%
 
Not to Exceed Rate: 87 EUR
 
Total Scope of the request (hours): 890 (estimate)
 
Required Start Date: 17 August 2026
 
End Contract Date: 31 December 2026
 
Required Security Clearance: NATO SECRET
 
Please do NOT apply for any NATO contract positions unless you meet ALL the following criteria:

1. Current National or NATO SECRET clearance
2. Nationality of one of the NATO member countries
3. Current work visa for the specific location if applying for an in-country position

Any applications that do NOT meet all the above - and do not CLEARLY show these on the CV - will be deleted.
 
Introduction

• The Cyber and Digital Transformation (CDT) Division advances the Alliance's agenda on cyber defence and digital transformation, and is developing and coordinating the Alliance's efforts on countering hybrid threats. The CDT also promotes coherence for Information and Communications Technology (ICT) and cyber security efforts across the NATO Enterprise's civil and military bodies, ensuring that policies, processes and capabilities are interoperable and aligned with the Alliance's strategic objectives.
• CDT drives NATO's Digital Transformation, a key objective is to strengthen the ability of Allies and the NATO Enterprise to deter, defend against and counter the full spectrum of cyber and cyber-enabled threats at the speed of relevance, comprehensively across the political, military, and technical levels. In particular, strengthen mechanisms and tools to enhance readiness and resilience against cyber threats across the Alliance, focusing in particular on Mission Vital Infrastructure (MVI).
• The Enterprise Cyber Risk Management Supporting Officer supports NATO's enterprise- wide cyber, artificial intelligence (AI), ICT and cloud technology risk governance by assessing, planning, designing, enhancing, and integrating digital enabling tools underpinning the NATO Enterprise Risk Management (ERM) Framework. The role has a strong focus on cybersecurity vulnerability analysis as a foundation for risk assessments feeding the ERM tool, ensuring that identified technical vulnerabilities are consistently translated into enterprise-level risks, registered and monitored. The position also supports the secure and responsible deployment of AI solutions in the NATO, hybrid or public cloud environment and the integration of cyber-related processes across NATO CIS Operational Authorities (CISOAs) areas of responsibilities.
• This role directly supports CDT in its role as NATO Enterprise cybersecurity Risk Owner, strengthening situational awareness, coherence, and decision-making across NATO Enterprise.
• We are looking for a well-rounded professional with excellent technical and communication skills as well as experience in the AI and cybersecurity domain. NATO knowledge would constitute and asset.

Tasks
 
The NATO CDT division requires a professional who can provide expertise in support of analysis, coordination, and development of documents and strategies to enhance the NATO Enterprise cybersecurity posture in the realm of cybersecurity and AI. The contractor will contribute to the design and evolution of cybersecurity risk assessments in support of AI, artefacts within the cyber security domain, working closely with subject matter experts and relevant NATO stakeholders. The contractor shall provide the following services in an effective and timely manner:
 
Development of an Enterprise Risk Management Tool & Portal
 
Description: The contractor shall engage with relevant stakeholders, including NATO committees, Capability Panels, and national SMEs to expand and enhance the Enterprise Risk Management (ERM) tool prototype and portals supporting cyber, vulnerability, and AI risk management. This includes translating complex cyber security specifications, policies, and operational needs into clear, actionable, and testable requirements. Develop and maintain core functionalities including:

• Enterprise and operational cybersecurity risk registries
• Vulnerability-driven cybersecurity risk assessment tools
• Dashboards and decision-support views
• High-Level Risk Management and Remediation plans
• Up to date maps of CIS, services, dependencies, and AI-enabled capabilities

Measurement: Success will be measured by the delivery of the Risk Management tool and portal supporting traceability from vulnerabilities to risks, risk acceptance decisions, and treatment actions. Timely and accurate delivery of products, artifacts and reports. Clear, concise and comprehensive documentation, dashboards, briefings and registries.
Timeline: Continuously throughout the period of performance.
 
Develop, coordinate, and support the evolution of the Board of CISOA Portal
 
Description: The contractor shall develop, coordinate, review and maintain the evolution of the Board of CISOA Portal, ensuring alignment with NATO policies and internationally recognized frameworks such as NIST and ISO. This includes supporting the lifecycle of standardization artefacts within NATO governance processes.
Enable NATO CIS Operational Authorities to:

• View enterprise-wide cyber, vulnerability and AI risks
• Perform risk-based prioritization of CIS, services, and remediation activities
• Support informed operational and strategic decisions
• Collaborate and facilitate risk information exchange in support of decision-making

Measurement: Success will be measured by the delivery of clear, concise and comprehensive documentation providing an overview/dashboard and acceptance of the BCISOA Portal in accordance with NATO standards, supported by artefacts from relevant governance bodies, compliance with applicable frameworks, and alignment with operational cyber security requirements.
Timeline: Continuously throughout the period of performance, with key deliverables aligned to governance cycles.
 
Artificial Intelligence Risk Analysis & Deployment Support
 
Description: The contractor shall support the risk assessment and governance of Artificial Intelligence solutions across NATO.
The contractor will identify and assess AI-related risks, including:

• Security and resilience risks
• Data protection, confidentiality, and integrity concerns
• Explainability, trust, and operational risks
• Ethical and governance considerations

Measurement: Success will be measured by the timely and accurate delivery of risk assessments and governance artifacts in compliance with applicable frameworks, and alignment with operational cyber security requirements.
Timeline: Continuously throughout the period of performance, with key deliverables aligned to governance cycles.
 
Deployment of AI solutions
 
Description: The contractor shall define, document, and maintain cyber security conformance criteria and audit objectives supporting the controlled and secure deployment of AI solutions in NATO infrastructure.
Support the controlled and secure deployment of AI solutions:

• Oversee and support the embedding of AI risks into NATO enterprise risk registers
• Support assurance, accreditation, and lifecycle risk management enabling automation of compliance verification wherever feasible
• Align AI deployments with NATO policies and principles
• Timely and accurate delivery of reports and products

Measurement: Success will be measured by the delivery of clear, concise and comprehensive documentation providing an overview/dashboard on CDT AI deliverables.
Timeline: Initial development by the end of Q4 2026, with continuous updates and refinement thereafter.
 
Enterprise Risk Awareness & Information Sharing
 
Description: The contractor shall improve coherence, situational awareness, and information sharing across NATO in the areas of cyber, vulnerability, and AI-enabled risk management.

• Support enterprise-level reporting and dashboards for the CDT
• Weekly updates of the CDT senior management
• Contribute to common risk taxonomies, metrics, and reporting standards across the Alliance

Measurement: Success will be measured by the delivery of validated, timely and accurate reports and products aligned with NATO security policies.
Timeline: Continuously throughout the period of performance.
 
Support to Security Accreditation process
 
Description: The contractor shall support the conduction of activities and development of documents in support of the security accreditation process and relevant task force activities for cloud-based environments and AI-enabled systems, ensuring that emerging technologies are aligned with NATO cyber security standards and best practices.

• Support organisation, reporting and inputs to the CDT Security Accreditation Task Force
• Weekly updates to the Task Force and relevant boards
• Contribute to risk analysis and products on AI (where applicable) and security accreditation

Measurement: Success will be measured by the integration of security standards into cloud and AI-related initiatives, demonstrated alignment with security requirements, and stakeholder validation of delivered outputs, reports and products.
Timeline: Continuously throughout the period of performance.
 
Reporting, Briefings, and Technical Communication
 
Description: The contractor shall prepare and deliver briefings, presentations, and reports to NATO committees, Capability Panels, and working groups, clearly communicating technical concepts, progress, and recommendations related to cyber security standards.
Measurement: Success will be measured by the timely delivery of high-quality reports and presentations, documented briefings, and stakeholder feedback demonstrating clarity, relevance, and effectiveness of communication.
Timeline: Continuously throughout the period of performance.
 
Support to Unforeseen and Ad Hoc Requirements.
 
Description: The contractor shall provide support to unforeseen or ad hoc requirements within the scope of AI and cyber security as requested and prioritised by CDT. Such support shall be subject to mutual agreement on scope, effort, and priority.
Measurement: Success will be measured by the timely and effective delivery of agreed support activities, as documented in tasking requests, and acceptance of outputs by CDT.
Timeline: Continuously throughout the period of performance.
 
Requirements
Profile:

• The candidate must possess a university degree in a relevant engineering or technical field such as computer science, systems science, or an equivalent technical qualification.
• The candidate must have comprehensive knowledge of the principles of computer communications security, networking, and the vulnerabilities of modern operating systems, applications and cloud.
• The candidate must have at least three (3) years of demonstrated experience working with national or international CIS and cyber security, including their application and auditing at both governance and operational levels.
• The candidate must have demonstrated experience in securing cloud-based environments.
• The candidate must have demonstrated experience in defining and implementing cyber security architectures, including Zero Trust principles.
• The candidate must have good knowledge of securing AI-enabled systems and data-driven capabilities.
• The candidate must have experience in the management or delivery of cybersecurity programs across multiple focus areas, including, but not limited to, incidents, risk, and cyber defence.
• The candidate shall have proven experience in cyber risk management, enterprise risk management, or security governance.
• The candidate shall have demonstrable experience in vulnerability analysis and risk assessment, including mapping technical findings to business or operational impact.
• The candidate must have experience working with risk management tools, portals, dashboards, or GRC platforms.
• The candidate must have strong understanding of vulnerability management and exposure analysis; risk registers, prioritization, and treatment workflows; Enterprise CIS environments and dependencies; familiarity with AI concepts and AI-related risks; strong stakeholder coordination skills across technical, operational, and governance domains
• The candidate must have demonstrated experience in operating in an environment with cross functional teams and complex reporting structures.
• The candidate must demonstrate strong English writing and speaking communication and presentation skills, including the ability to convey complex cyber security concepts to both technical and non-technical audiences.
• The candidate shall have demonstrated relevant project management skills and experience in industry or governmental cyber defence area.
• The candidate must demonstrate the ability to analyse complex cyber security specifications and translate them into clear, actionable requirements or artefacts.
• The candidate must demonstrate a strong security-focused and analytical mindset, with attention to detail and problem-solving capability.
• Knowledge of NATO Security Policy and its supporting Directives is desirable.
• Knowledge of the NATO Digital Policy Committee (DPC) and its substructure is desirable.
• Knowledge of NATO CIS Security Accreditation processes, or equivalent national processes, is desirable.
• Recognised professional certifications in cyber security and/or project management are desirable.