CHIEF INFORMATION SECURITY OFFICER (IT SPECIALIST)
Posted 2 days 15 hours ago by U.S. Army Garrison Benelux
Organization: US EUCOM ARMY ELEMENT NATO SCHOOL OFFICE OF THE COMMANDANT
Type of Appointment: Permanent
Announcement Type: Internal/External
Area of Consideration: WHO MAY APPLY: Current INTERNAL Local National Employees throughout Germany. This covers all current Local National employees of the U.S. Forces in Germany, including U.S. Air Force and AAFES-Europe within Germany and EXTERNAL Local National Applicants, who reside in Germany.
Major Duties: The incumbent leads and coordinates the development and implementation of IT information security directives, policies, and procedures, especially with regard to information processed, stored and transmitted on the NATO Restricted and NATO Secret networks. Works closely with the Communications and Information Systems Department (CJ-6), data owners, data custodians and governance groups in developing such policies and procedures, while providing authoritative advice and guidance on existing related NATO regulations and industry standards as well as their applicability. Develops, documents and ensures that a formal process for creating, updating, and adopting IT security policies is in place at NSO. Oversees compliance of NSO systems with policies, standards, and guidelines, ensuring that these conform to NATO-wide as well as internal regulatory and reporting requirements. As the responsible IT security incident response manager, ensures that processes for non-compliance exist and are functional, and reviews existing internal controls to monitor and report exceptions and violations. Recommends and implements, as directed, improvements of controls necessary to monitor compliance. Identifies systems that require accreditation and prepares for, initiates, and accompanies systems accreditation processes, including site surveys, assesses their outcome and takes corrective actions as required. Provides respective reports to DD CJ-2 and higher management. Ensures the correct and secure operation of information processing facilities by verifying that operating procedures exist, are properly documented, and made available to and followed by staff for the protection against malicious code and cyber-attacks, data and system backup maintenance, media and equipment handling, technical and computer room management, the separation of test, development and operational systems, as well as the preservation of confidentiality and integrity of information.
In conjunction with CJ-6, develops and maintains a disaster recovery plan for CIS systems so as to guarantee continued ICT support of critical business functions. Participates in the change management process by reviewing and providing input to all planning documents outlining new concepts and requirements impacting on CIS so as to ensure that cyber security aspects are adequately considered and detailed in plans. Leads and coordinates the establishment of Security Requirement Statements for any CIS capabilities at NSO, both from a technical as well as a policy perspective. Develops, implements and maintains a risk management program for CIS at NSO, to include processes for risk assessment, mitigation, and evaluation. Conducts a formal risk analysis on a periodical basis to identify vulnerabilities and their potential or actual impact on NSO's information and technology assets, which could hamper or endanger the School's mission as well as damage NATO and its information security interests. Identifies and estimates the cost of protective measures to remove or mitigate vulnerabilities to an acceptable level and recommends necessary, yet cost-efficient measures. Based on findings provides input to the disaster recovery plan. Performs other duties as assigned.
Qualification Requirements: Description of the Education & Training Levels: Education & Training Levels
E&T Level I&II: not creditable for positions in this occupational series.
E&T Level III A: The completed apprenticeship must be in the Computer Science occupation (Informatikkaufmann/frau) or in another area that is directly related to the position to be filled; PLUS 4 years of job related experience as defined below.
E&T Level IIIB, IIIC: PLUS 4 years of job related experience as defined below.
E&T Level IVA: The completed apprenticeship must be in the Computer Science occupation (Informatikkaufmann/frau) or in another area that is directly related to the position to be filled; PLUS 3 years of job related experience as defined below.
E&T Level IVB, C and D: The completed education, training and certification must be in the Computer Science occupation or in another area that is directly related to the position to be filled; PLUS 3 years of job related experience as defined below.
E&T Level V: University or equivalent graduation in a closely related field of study; PLUS 2 years of job related experience. Or E&T level V with a state certification in computer science (staatlich geprüfter Informatiker) or a diploma in computer science (Diplominformatiker), (general (Allgemeine Informatik), industrial (Wirtschaftsinformatik), multimedia information (Medieninformatik), engineering computer science (Technische Informatik, Ingenieur-Informatik)), or equivalent; no additional experience required.
Any work experience that involves the confidentiality, integrity, and availability of systems, network, and data through the planning, analysis, development, implementation, maintenance, and/or enhancement of information systems security programs, policies, procedures, and tools.
Includes experience in developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, network, and data, and promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.
LANGUAGE PROFICIENCY LEVEL: English Language Proficiency Level B2 required. You may test yourself for free at one of the various online providers, who offer tests under the 'Common European Framework of Reference for Languages' (CEFR). Description of the Language Levels: Language Levels
Selective Placement Factors: General Information for LN Job Announcements - please read: General Information
Conditions of Employment: This position is a Nonappropriated Fund Position. Employee may perform the work at a location away from the regular worksite (e.g. at home) on a non-routine, ad-hoc basis. This includes work performed to complete a short-term special assignment or to accommodate special circumstances. Possible weekend, holiday and evening work required. Frequent multiple-day temporary duty travel (TDY) to long-distance destinations is required.
We offer:
- employment in an international environment with a welcoming atmosphere
- high level of job security and attractive pay under German tariff agreements (CTA II; Protection Agreement) including, but not limited to, the following tariff entitlements:
- 30 days of annual leave; 36 days for severely handicapped employees (Additional time-off on 24 & 31 December per tariff agreement)
- vacation and Christmas pay (total of 13 monthly salaries)
- various additional social benefits (e.g., employer pension scheme through Allianz group insurance; property accrual payments)
Beyond the tariff agreement,
- usually, time off on 8-9 U.S. holidays due to work hour redistribution (Governed by shop agreement)
- employer-specific programs for flexible work schedules; mobile work; length-of-service/performance awards
- health promotion and fitness programs, including free use of employer-run Fitness centers.