Home
Jobs
Spektrum
Cybersecurity Change Management Specialist

Cybersecurity Change Management Specialist

On site

Mons, Belgium

Full Time

10-04-2025

Share this job:

Score my CV Apply

Job Specifications

Spektrum have a wide range of exciting opportunities in several global locations.

We are always looking to add great new talent to our team and look forward to hearing from you.

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who We Are Supporting

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. Mission

The NCSC Service Delivery Support Section (SDSS) is dedicated to centralizing the coordination of cyber security services delivery in a matrix organizational environment. Our mission is to orchestrate the entire service lifecycle, ensuring that services align to and follow enterprise strategy, policy, and directives established by the NCI Agency management, Chief Operating Officer, Chief Service Operations, Chief Technology Officer, Finance and Acquisition departments. We work closely with Service Area Owners and Service Delivery Managers to enable standardized and effective service delivery. In order to execute this work, the NCI Agency requires support with the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security and cyber defence. This Statement of Work (SoW) specifies the required skillset and experience.

Our vision at the NCSC Service Delivery Support Section (SDSS) is to become the central coordination point for cyber security service delivery, enabling seamless and transparent end-to-end delivery of services to our customers. We will achieve this by operating in and leading three core areas that are detrimental for quality service delivery: Service Design, Service Transition, and Service Operations. These areas leads will guide the Service Area Owners and Service Delivery Managers, provide advice and ad-hoc support with their challenges in Service Management. SDSS will also act a single source of truth in Service Delivery metrics and quality, and will provide centralized and coordinated responses to enterprise-level inquiries and reporting requirements.

Role Duties And Responsibilities

Daily Service Requests review

The purpose of daily service requests review is to monitor all incoming Change Requests as well as Service Requests that do not meet the criteria of the pre-approved “Standard Changes” and re-direct them through the Change Management process. The personnel will:

Support the team by routinely reviewing the tickets queue to ensure 4 hours response time
Multi-channel support (phone, email, internal chat) for change reporting
Develop and maintain a change and configuration management dashboard to reflect up-to-date change status at all times
Provide regular reporting on change and configuration management performance
Escalate critical requests to appropriate channels within 4 hours

Technical Review Board

The personnel will: Provide meeting minutes

The primary purpose of TRBs is to ensure that all Change Requests are properly prepared (investigated, evaluated and risk assessed) for consideration by the D-CAB based on input from all stakeholders who have a vested interest in the Change Requests. Change Manager is expected to lead the meetings and should have sufficient knowledge in Hardware, Systems, Networks, and Cyber Security Tools.

Release and Governance Board

The personnel will:

Provide meeting minutes

The primary purpose RGBs is to control the Release and Deployment of all CRs approved by the D-CAB. The RGB maintains the scheduling for deployment, cutover and testing of the CRs to ensure the correct implementation of the changes and verify that implementation has not caused any regression of other services, and report them to the D-CAB. Should RGB would not be required or applicable for the week TRB may replace the activity.

Domain Change Advisory Board

The personnel will:

Provide meeting minutes of analysis of change request monitoring and analysis of events across the Client's networks Internal Change Advisory Board that is chaired by Infrastructure Branch Head to make an informed decision on the Change Manager outputs (assessment, compliance, risk, recommendation).

Ad-hoc SME support sessions

The personnel will:

Attend the meeting with various stakeholders and senior decisions-making staff
Create reports that ...

About the Company

Spektrum are an international sales and management consulting firm who don’t just say we’re different, we are different. We solve today's defence, humanitarian and government market problems, evolving to meet its clients' challenges. Know more

Related Jobs

Company Name: Huxley
Job Title: Cyber Security analyst
Job Description: Seeking a Cyber Security Analyst for a role based in Brussels, requiring expertise in risk assessments, security requirements, and application security. The client operates in the financial infrastructure sector, focusing on security within their services and management systems. During this mission you will: Define and advise on the design, implementation, and test processes necessary to protect information system assets. Perform risk assessments and translate security architecture and high-level policies and controls into security requirements for business and IT projects. Contribute to the architectural design and validate it against the security requirements. Define security testing requirements and penetration test scope, actively support the testing teams to perform these tests, and approve the test reports. Define, implement, and ensure the proper functioning of security services in line with IT security policies. Recommend and advise on new or improved security services to division management. Produce documented security services, technical standards, or principles. Act as a security subject matter expert within a specific domain (e.g., Mainframe security, PKI, Cryptography, Network security, platform security, IAM, application security, or secure coding), being the point of contact for both business and project teams. About you: IT-security professional with 3-10+ years of experience in either infrastructure security or IT application security. Familiarity with industry best practices in key security domains such as identity and access management, PKI, network security, data protection, and application security. Knowledge of and experience with security technologies including IDAAS, Secure access management, PKI, web application firewalls, endpoint security, virtualization, cloud services, network infrastructure, and security compliance automation. Preferred professional certifications include CISSP, GIAC, SABSA, ISO 27001 LA/LI.

Company Name: Harvey Nash
Job Title: Security Engineer
Job Description: Between 2 and 3 years' experience: You monitor the security of our critical servers and systems. You monitor the alarms generated by our security systems and take action on them: you set priorities and escalate an issue when necessary. Based on your knowledge of attack techniques, you will help to find the root cause of security alarms. For this you dive into the log files of servers and systems. You will test and fine tune security alarms and incident response procedures. You will discuss within the teams what to do in case of incidents and how to prevent them in the future. you attend regular team meetings and scrums You document the context of the incident. You help colleagues who are resolving the incident with additional analyses, if necessary. You help ensure that we are working according to the right priorities. Depending on the action taken on the incident, you close it, put it on hold, have it looked at again or escalate it. Your guide here is our runbook. You also provide suggestions on what action to take. You participate in sessions on continuous improvement and help think through these questions: o What lessons can we learn from how certain incidents were handled? Can things be done differently or better next time? o What are the weaknesses in our security controls? o Can our processes be more efficient? Do we pass on information to each other in the best way? Responsibilities - You have a broad view on the IT Operating systems & middleware (Windows, Unix, Linux, databases) and networks; You have general to good knowledge of malware (types) and cyber-attack techniques (the kill chain); Other pluses - Knowledge of and experience with: security tools for detection and analysis security events ticketing systems network security, firewall, IDS, ... You monitor the security of our critical servers and systems. You monitor the alarms generated by our security systems and take action on them: you set priorities and escalate an issue when necessary. Based on your knowledge of attack techniques, you will help to find the root cause of security alarms. For this you dive into the log files of servers and systems. You will test and fine tune security alarms and incident response procedures. You will discuss within the teams what to do in case of incidents and how to prevent them in the future. you attend regular team meetings and scrums You document the context of the incident. You help colleagues who are resolving the incident with additional analyses, if necessary. You help ensure that we are working according to the right priorities. Depending on the action taken on the incident, you close it, put it on hold, have it looked at again or escalate it. Your guide here is our runbook. You also provide suggestions on what action to take. You participate in sessions on continuous improvement and help think through these questions: o What lessons can we learn from how certain incidents were handled? Can things be done differently or better next time? o What are the weaknesses in our security controls? o Can our processes be more efficient? Do we pass on information to each other in the best way? Preferred Skills You have a broad view on the IT Operating systems & middleware (Windows, Unix, Linux, databases) and networks; You have general to good knowledge of malware (types) and cyber-attack techniques (the kill chain); Other pluses - Knowledge of and experience with: security tools for detection and analysis security events ticketing systems network security, firewall, IDS, ...

Company Name: Sopra Steria
Job Title: Information Security Consultant
Job Description: Senior-Medior GRC Professional Flanders, Brussels, Belgium Full-time Company Description Sopra Steria offers tailored, end-to-end corporate technology and software solutions to help clients make bold choices and deliver results. Successfully so! With more than 56.000 colleagues in 30 countries, we rank as Europe’s leading digital solutions provider. Some of the most successful companies in Europe rely on our technology due to our commitment to innovation, collaboration, and value in business development. The world is how we shape it. Let’s shape it together. Job Description Cybersecurity is an always-on field, so you’ll stay advised of all the latest trends and compliance regulations and always be ready to conduct threat analysis, risk management, and incident response quickly and effectively. To stay on the front foot, our cybersecurity experts will be familiar with the latest security tools, implementing firewalls, and conducting vulnerability assessments. Our cybersecurity colleagues will excel in ethical hacking and penetration testing, with strong communication skills to collaborate effectively with other departments. This ensures that their assets meet security standards, maintain confidentiality, and contribute to safeguarding the systems. After all, there’s no cyber without cybersecurity. We are seeking a proactive, communicative, and experienced Cybersecurity Professional to join our dynamic and innovative team. With a strong background in Information Security Management Systems (ISMS), IT risk management, and compliance audits, you will play a crucial role in protecting our clients from evolving digital threats and supporting them with the information security risks they are facing. Our projects are diverse and challenging, across all industries and markets (private/public). Responsibilities: Design and develop secure solutions to complex application problems Collaborate with the architects on system security design Deploy and use security tools to identify and resolve issues across a wide range of systems and applications Implement hardening controls using CIS benchmark across different system components and applications to reduce the attack surface Identifying, assessing, and mitigating vulnerabilities in infrastructure components and applications Implement/Support DevSecOps processes and security engineering review of code and IT configuration Troubleshooting problems related to PKI Qualifications We’re seeking passionate colleagues who are eager to push the boundaries in digital transformation and technology consulting. At Sopra Steria, you’ll have the opportunity to grow your skills in a constructive, collaborative team environment, working on impactful projects that drive change for our clients. If you thrive on challenge and meet (most of) the qualifications below, we look forward to your application! You have knowledge and experience of the following: Extensive experience with information security management systems (ISMS) Proficiency in conducting compliance audits Strong understanding of IT risk management principles Familiarity with IT processes based on e.g. ITIL Knowledge of standards and legislations such as ISO2700x, NIS2, and Cyber Fundamentals Following certifications are a bonus: CISSP, CISA, CISM, CRIS, C or ISO27001 Lead Implementor or Lead Auditor Education: Bachelor’s or Master’s degree in Engineering, Cybersecurity, or Computer science Languages: Fluency in Dutch or French, and English Moreover, the following skills are expected: Proactive/Entrepreneurial. Someone who can take initiative and drive projects forward. Communication. Strong verbal and written communication skills. Organizational. Having excellent organizational skills to manage multiple tasks and/or projects. Stakeholder Management. The ability to effectively manage and engage with stakeholders at all levels. Reporting/Presenting. Being skilled in preparing and delivering reports and presentations. Social/Team Player. A collaborative team player with strong interpersonal skills. What we can offer you As a member of one of Europe’s largest digital solutions providers, you’ll benefit from extensive career development opportunities, both local and international. At the Sopra Steria Academy, you’ll be part of a dynamic network of 56,000 professionals at all stages of their careers. With a wide array of offices to explore, you can find your ideal location and take the next step in your career. You’ll become a part of a major Tech player in Europe recognised for its consulting, digital services, and software development. Additional Information People are the cornerstone of our success. That’s why we aspire to be bolder together. Our goal is to build high-functioning teams and healthy team environments that inspire and help each other to deliver excellence for each of our customers. Excited about this job opportunity? Ready to shape the world with us? Great! We are looking forward to your application! ______ Sopra Steria is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, ancestry, nationality, color, family or medical leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, gender (including pregnancy), sexual orientation or any other characteristic protected by applicable local laws, regulations and ordinances. We foster a work environment that is inclusive and respectful of all differences. I'm interested

Company Name: NATO Communications and Information Agency (NCI Agency)
Job Title: Senior Cyber Security Engineer
Job Description: Primary Location Belgium-Mons NATO Body NATO Communications and Information Agency (NCIA) Schedule Full-time Application Deadline 06-May-2025, 2:59:00 PM Salary (Pay Basis) 7,970.25 Grade NATO Grade G17 Who we are: For more than 70 years, NATO’s mission has been to preserve peace and security in the Alliance for nearly one billion citizens. The NATO Communications and Information Agency (NCI Agency) and its predecessors have worked tirelessly in providing the means that enable the connectedness and togetherness that keep our Alliance strong. We are the NCI Agency, a team of 3000 civilian and military staff in 29 locations throughout Europe, North America and Asia. Our technology and cyber experts allow NATO to conduct critical operations, protect NATO’s airspace, make data-driven decisions, defend against cyber-attacks, secure NATO networks and maintain superiority in space. This is all possible because of our greatest force, our people. In order to keep this edge we aim to hire, train and retain the very best staff. Our staff members represent both the diversity and unity of our Alliance. When you join the NCI Agency, you will be part of an organization where you can contribute authentically to the mission and purpose of NATO and help us keep our technological edge. About the job: Based in Mons, Belgium you will join the Agency as we embark on a journey to transform our IT services to support NATO’s Digital Endeavour. You will join NATO Cyber Security Centre (NCSC), which is responsible for planning and executing all lifecycle management activities for cyber security. In executing this responsibility, NCSC provides specialist cyber security-related services covering the spectrum of scientific, technical, acquisition, operations, maintenance, and sustainment support, throughout the lifecycle of NATO Communications and Information Systems (CIS). We are looking for a driven and enthusiastic Senior Cyber Security Engineer who will take on the following roles and responsibilities: Support the vision and mission of the NCSC and ensuring NCSC technical adherence to broader NCIA initiatives under the direction and guidance of the NCSC Solutions Roadmap Section Head (Cyber); Work in consultation with NCSC Service Owners on evolution of NCSC services and developing Cybersecurity Service Roadmaps; Support development of architectural directives and architecture products; working hand in hand with the NCSC lead for design and implementation; Provide support to staff working on projects where Cyber Security is being evolved, uplifted or transformed; Represent the NCIA/ NCSC in working groups and forums. For a full list of duties, please review the job description on the NCI Agency career site . About you: The valuable knowledge and experience that you bring to this role are: Bachelor’s degree at a nationally recognised/certified University in a related discipline and 3 years post-related experience. Or exceptionally, the lack of a university degree may be compensated by the demonstration of a candidate’s particular abilities or experience that is/are of interest to NCIA, that is, at least 10 years extensive and progressive expertise in duties related to the function of the post; At least 3 years practical experience developing or delivering services in Cybersecurity; Extensive practical experience identifying vulnerabilities and potential security threats; Development of technical requirements, system diagrams and other engineering products to aid Cybersecurity acquisition and procurement; Proven ability to deliver cyber security capabilities for industry, government, or military; Up to date knowledge and experience in the following areas: ü Design and implementation of cyber security capabilities and supporting infrastructure elements in an operational environment; ü Cryptographic technologies including key management; ü Identity and access management; ü Risk management. Knowledge in the following areas: ü Network monitoring and detection technologies; ü The design of cyber security capabilities on cloud infrastructure. Ability to apply architecture methodologies to express complex, systems of systems in architectural terms and models of varying detail; Recognised track record in dealing with stakeholders, understanding their needs, problems, and requests and proposing constructive ways ahead; Proactive attitude in seeking and maintaining trust from stakeholders; Proven ability to communicate effectively orally and in writing with good briefing skills; Very good communication and analytical skills; Experience leading small teams; Fluency in English, both written and spoken. What we offer: Genuinely meaningful work as part of the most successful alliance in history; 3 year contract with competitive tax-free salary and household and children’s allowances; Privileges for expatriate staff including expatriation and education allowances (where appropriate) and additional home leave; Excellent private health insurance scheme; Generous annual leave of 30 days plus official holidays; NATO Pension Scheme; Development programs such as professional training, wellbeing, and more. To learn more about NCI Agency and our work, please visit our website . The NCI Agency prides itself on being an equal opportunity employer. We are committed to fostering an inclusive environment of mutual respect and value uniqueness and differences in gender, gender identity, race, ethnic or cultural origin, age, religion, sexual orientation and physical or neurocognitive ability. Additional details on the conditions of application can be found via the NCI Agency career site.