EUCI/COMSEC Management Support

On-site
  • Prague, Praha, Hlavní město, Czechia
  • Saint-Germain-en-Laye, Île-de-France, France
EUSPA

Job description

We are looking for multiple people to support EUCI/COMSEC Management on behalf of and in support of our client at multiple locations in Europe: Prague, Saint-Germain-en-Laye (France), Madrid (Spain), Noordwijk (the Netherlands), Oberpfaffenhofen (Germany), Fucino (Italy) and Toulouse (France). The selected candidate should show integrity and professionalism. Please note that the start date would be the beginning of April 2024 and that the engagement will be in two consecutive phases (within and after October 2024).


The activities below will include frequent access to classified security areas and systems. They may entail meetings in the other client's premises in Europe, EC premises in Brussels, ESA premises in Noordwijk – ESTEC (The Netherlands) or other European centres, Galileo Control Centres in Fucino (Italy) and Oberpfaffenhofen (Germany) or other space programme sites across the world (for a few tasks).


Please note, the successful candidate will be employed by ATG Europe (or one of its subsidiaries). Furthermore, upon selection, they will be subject to a general security screening performed by an external provider (further information will be provided at interview stage).


The successful candidate will be tasked with, but not limited to:

  • Support to LSO;
    • Coordinating and contributing to the update of accreditation files for the GSMC sites and ensuring publication in the appropriate documentation repositories when validated;
    • Maintaining RFV IN/OUT databases and processing site access requests;
    • Maintaining and updating monitoring tables for:
      • Electronic key boxes;
      • Access badges;
      • Keys (offices, cupboards, racks…);
      • All kinds of safes;
    • Reviewing each morning the guarding services provider's electronic handrail and monitoring the quality and accuracy of information;
    • Preparing synthesis of activities;
    • Liaising with French authorities on the screening of newcomers;
    • Reviewing and updating presentations for:
      • Induction,
      • Health and safety;
    • Preparing MoM of dedicated meetings such as:
      • Monthly meetings with guarding services provider;
      • Quarterly meetings with guarding services provider;
      • Other regular meetings held involving GSMC Security team;
  • Support to LISO;
    • Systems access management;
      • Help optimize the user access registration workflows and associated procedures;
      • Help maintain the user access registry and assist in the control of system compliance against this registry;
    • Awareness and Trainings;
      • Maintain content of Infosec briefings support;
      • Provide Infosec Briefing to operators (LISO backup) and any other staff when required;
    • Cooperate with the ICT Department in disseminating good IT security practices and propose specific awareness-raising and training programmes;
    • Security Standards and Procedures (in close liaison with ENG);
      • Build the control plan linked to the requirements displayed in SecOPs;
      • Coordinate and contribute to the update of SecOPs;
      • Ensure publication in the appropriate documentation repositories when validated;
    • Accreditation, audits and operational control activities related to Information security;
      • Contribute to the accreditation process of the EUSPA CIS handling EUCI, including the organisation of the reviews required for the accreditation process, in support of the EUSPA Security Accreditation Authority;
      • Maintain an updated operational control plan, schedule and coordinate extractions and reviews, ensure correction plans are followed;
    • Maintain an external audit activity schedule from gathered information, communicate with impacted GSMC services to prepare audits, coordinate answers and ensure that proper feedback is given to auditors;
    • Incident handling;
      • Prepare and maintain an incident registry, with associated forms and contacts involved in the process;
      • Ensure proper handling of incidents in support of the LISO when required;
      • Coordinate corrective actions on both GSMC sites;
    • Change and configuration management;
      • Review the anomaly and change request tickets in ARTS, attend the ARBs and the CCBs organized at the GSMC sites (reviewing change proposals and assessing the security impact of change proposals);
      • Supporting the ARB & CCB: support assessment of criticality of anomalies and assess impact of change requests proposed by industry on the GSMC security perimeter;
      • Support the follow-up of deviation compared to the defined baselines and the maintenance of corresponding documentation / risk assessments delivered by upstream activities;
      • Reviewing changes in the assets (usage of refurbished assets, conditions etc);
  • Support to the COMSEC Authority;
    • Implementation of the COMSEC Policies, Processes and Procedures under the oversight and instruction of the COMSEC Authority manager, including;
      • Preparation and review of COMSEC documentation for the management of COMSEC staff and accounts;
        • Preparation (for CDA account) or review (for other accounts) of formal documents related to the appointment of Crypto Custodians, Specimens of signature;
      • Preparation and review of COMSEC documentation for the accounting and distribution of COMSEC assets (not including COMSEC incident management);
        • Preparation (for CDA account) or review (for other accounts) of Transportation Plans;
        • Preparation of deliveries and deliveries paperwork (DN, CIR and KMR);
      • Preparation, creation and implementation of COMSEC asset material distribution to external programme stakeholders;
        • Preparation of deliveries (CD ROMs, printed KEK, DN, CIR, KMR, letters);
        • Secure packaging;
        • DHL tracking (registering deliveries, monitoring status);
      • Collection of performance metrics and suggestions for refinement of the COMSEC Authority procedures as part of ISO9001 continual quality improvement;
        • Preparation of report(s) on request;
      • Liaison with EC security directorate, national crypto distribution authorities of the member states and crypto distribution authorities of independent legal entities (e.g. ESA) on COMSEC matters under the instruction of the Agency Distribution Authority;
      • Monitoring the functional team mailbox and processing requests (ticketing tool in place) – Provision of weekly statistics – domain: key material distribution;
      • Attendance and contribution to programme COMSEC meetings and formations on behalf of the COMSEC Authority;
        • Supports for meeting (DMS: Presentation for Formal Release);
        • Minutes of Meeting – when CA chairs (DMS: Minutes of Meeting);
        • Flash report – when CA attends only (CA internal format);
      • Organisation, presentation of COMSEC trainings;
        • COMSEC training material (DMS: Presentation for Formal Release);
    • Preparation and delivery of CA outputs to stakeholders (governance, programme, accreditation and user communities), including Workshops for the improvement of programme COMSEC at crypto distribution authority level;
      • Issuance (with KAGS) of Community Information Files, Personal Information Files and Asset Attribution Documents;
      • Provision by email to SPIDER Service consumers;
    • Crypto support: Support the Agency in further defining the setup of the Agency Crypto Distribution Authority (CDA) and advise on potential cryptographic key distribution mechanisms that may be appropriate for the efficient (and effective) distribution of keys from the Galileo system to the end-user receivers;
      • Preparation or review of Key Management Plans, Crypto Plans and SecOps;
      • Such support may cover organisational aspects and technical options reviews/specifications aspects;
      • This includes activities such as implementation of agency COMSEC Policy and Processes and the derivation of future procedures resulting from these processes.
    • Vulnerability Assessment of the internal Communication and Information systems (CIS);
      • Review of the existing CIS documentation, with the focus on the security architecture of the CIS, distribution of roles (administrators, users, auditors etc.) and compliance of the environment to the documentation;
      • Testing of systems security and integrity by approved technical means;
      • Identification of system security risks;
      • Reporting on identified findings;
      • Drafting of correction/mitigation plans;
      • Drafting of CIS related security documentation;
      • Production of presentations and minutes of meeting (e.g. APIS, ISSB);
    • Security documentation support;
      • Support to the creation of security related documents like security policies, security processes, security operating procedures (SecOPs), also in support of ISO certification documentation, e.g. for ISO 27001;
      • Ensure the implementation of configuration and document management (CADM) processes and activities, including use of specific IT tools (for documents classified up to RESTREINT UE/EU RESTRICTED) in cooperation with the CADM in charge of the handling of unclassified documents;
      • Act as point of contact for the encryption and decryption of information classified up to RESTREINT UE/EU RESTRICTED using specific certified tools of the Agency;
      • Design, development, implementation, support to review, execution and maintenance of exploitation risk management methods, processes, procedures, registries and activities, including the use of dedicated IT tools and suggestions of measures to reduce or mitigate existing threats/risks;
      • Support to coordination of security meetings;
        • Ensuring the secretariat;
        • Administrating the input and output documentation.

Job requirements

  • Master's degree in Engineering or relevant field; possibly Bachelor's with solid experience as a fallback option;
  • Between 2 and 10 years of relevant working experience in security engineering for classified environments / defence;
  • Exposed to ISO27001 / 27002 certified environments and COMSEC information;
  • One or more of the following fields of expertise is required:
    • Security Governance and risk management;
    • Security Audit and implementation;
    • Service and facility management;
    • Handling of classified documentation (EU, NATO);
    • Security accreditation;
    • Business development.
  • ISO27001 audit experience is an asset;
  • Fluency in English, both written and spoken;
  • Eligibility to work and live in the EU;
  • Eligibility for EU Personal Security Clearance is mandatory.

Please submit your application in English via the apply button below. Applications submitted in other languages will not be considered.


What do we offer?

In ATG Europe (or our subsidiaries) you will have the chance to work on the most interesting and technologically advanced projects in the space, big-science, and high-tech domains. You will enjoy the focused yet relaxed spirit and culture of our teams and the excellent working conditions our company provides. We firmly believe that development and growth perspectives are crucial to everyone’s career, and we therefore provide you with a personal development plan, regular assessment checkpoints and a dedicated training and education budget to support you, not only in your current work, but also paving the road to your next professional steps.

For those relocating in order to embrace a new career with us, we offer international relocation assistance in settling in your new home or finding the right school for your children and a relocation budget that is applicable to all ATG staff.

About ATG Europe

Today, ATG Europe is recognized as a leading provider of specialized engineering, scientific and technical services to the European Space, Big-Science, and high-tech industry. Our headquarters are located in Noordwijk, the Netherlands and we have subsidiaries in Germany, Ireland, Spain, Italy, and the UK. Besides these countries, ATG also operates in France, Czech Republic, Sweden, Norway, and Belgium.