CIS Security Accreditation:

• Produce the CIS Description (CISD) documentation, addressing all NATO CIS components; coordinate with Service Delivery Managers (SDMs), network and security architects and other relevant Subject Matter Experts (SMEs) to ensure the complete and accurate description of the CIS;
• Conduct Security Risk Assessment (SRA) for the NATO CIS in scope; this includes the identification and assessment of risks in close coordination with NATO accreditation stakeholders (including technical and security authorities);
• In close coordination with the security accreditation support and the technical stakeholders, produce the Security Requirements Statements (SRSs) (System Specific and for the System Interconnections), which include evaluating the implementation of the security requirements as per the NATO security policies and directives, advise on mitigation and remediation recommendations for those security requirements partially implemented (or not implemented), and document these in the relevant accreditation documents (Security Requirements Statements (SRSs), SecOPs);
• Produce the Security Operating Procedures (SecOPs) in line with the NATO security policies and directives;
• Develop Security Tests and Verification Plans (STVP);
• Conduct Security tests in accordance with defined test plans and provide associate reporting;
• Support the development of mitigation and remediation plans, following the identification and assessment of cybersecurity risks for NISC managed CIS, specifically assessing the residual risks after the application of cybersecurity risk mitigation measures;
• Assist with complex remediation activities for the NATO CIS in scope of this SoW; conduct remediation activities in collaboration with the NCIA Service Delivery Managers;
• Ensure adequate level of systems/data protection is implemented for NISC managed CIS in accordance with NATO Security policies and directives.

Operations:

• Perform all operation, support and maintenance activities described in Annex C;
• Log and track Service and Change requests using the enterprise ticketing system (ITSM);
• Ensure all tickets are updated with accurate and detailed information and resolved within the agreed service levels.

Escalation:

• Escalate complex issues to appropriate teams when necessary;
• Follow up on escalated issues to ensure timely resolution and user satisfaction.

Knowledge Base Management:

• Contribute to the creation and maintenance of a knowledge base, documenting common issues and solutions;
• Share knowledge and best practices with team members to improve overall service quality.

Performance Monitoring:

• Monitor support metrics and KPIs to ensure high-quality service delivery;
• Participate in regular reviews to identify areas for improvement and implement corrective actions.

Automation and Efficiency:

• Develop and implement automation scripts or advise on automated tools to streamline routine support tasks such as system and software checks and notifications, and the development/continuous update of the accreditation deliverables;
• Utilize automation to create workflows for repetitive tasks, improve service efficiency and proactively implement solutions.

Communication and Collaboration:

• Communicate effectively with internal user community to understand their issues and provide clear instructions;
• Collaborate with IT teams to resolve security issues and improve service delivery.