Skip to content

Risk Assessments Support

On-site
  • Prague, Praha, Hlavní město, Czechia
EUSPA

Job description

We are looking for multiple people in support of Risk Assessments on behalf of and in support to our client for multiple locations in Europe: Prague, Saint-Germain-en-Laye (France), Madrid (Spain), Noordwijk (the Netherlands), Oberpfaffenhoffen (Germany), Fucino (Italy) and Toulouse (France). The selected candidate should show integrity and professionalism. Please note that the start date would be the beginning of April 2024 and that the engagement will be in two consecutive phases (within and after October 2024).


The activities below will include frequent access to classified security areas and systems. They may entail meetings in the other client's premises in Europe, EC premises in Brussels, ESA premises in Noordwijk – ESTEC (The Netherlands) or other European centres, Galileo Control Centres in Fucino (Italy) and Oberpfaffenhoffen (Germany) or other space programme sites across the world (for a few tasks).


Please note, the successful candidate will be employed by ATG Europe (or one of its subsidiaries). Furthermore, upon selection, they will be subject to a general security screening performed by an external provider (further information will be provided at interview stage).


The successful candidate will be tasked with, but not limited to:

  • Define and consolidate the security risk assessment methodology (to be agreed with EUSPA). Security risk assessment will be performed by applying the SACP defined processes and maintaining the SSP and associated annexes up-to-date;
  • Define and maintain the System Risk Primary and Supporting Assets (based on the MODAF modelling or other equivalent model after EUSPA agreement);
  • Define and maintain the System Risk Threat Scenario list;
  • Define and maintain the System Risk Threat Scenario coverage (based on the MODAF modelling or other equivalent model after EUSPA agreement);
  • Perform a preliminary risk analysis for the definition of new services or new functionalities (ad hoc request);
  • Perform the risk evaluation by analysing the inputs coming from the different stakeholders in accordance with the Security Accreditation and certification plan and the cyber status report (at accreditation milestones);
  • Analyse the security impact of any modification in the operational conditions, including both operations and infrastructure changes, and ensure that any vulnerabilities identified are properly traced in the risk analysis and risk register;
  • Support the review of the documentation and results related to the execution of security audit test campaigns (e.g. Penetration Test), by incorporating them in the System Security Plan and identifying if required the associated treatment plans;
  • Propose the risk mitigations for the security risks identified in the risk assessment process in the form of treatment plans. The mitigation shall explain the expected risk reduction;
  • Follow-up of the Risk Treatment Plan implementation and cyber vulnerability status in close liaison with the different treatment plan owner;
  • Maintain the integrity and overall consistency of the contents of the data bases and ensure regular (monthly) availability of the aggregated Security Risk data base (Risk Registers and treatment Plans);
  • Maintain the overall aggregated Security Risk data base (Risk Registers and Treatment Plans) based on the as-designed and as-built risk analysis, perform the risk projection per accreditation milestone considering the expected impact from the implementation of Treatment Plans;
  • Follow up and document the status of implementation of the approved risk treatment plans based on inputs from the affected stakeholder and update the Security Risk data base (Risk Registers and Treatment Plans).

Job requirements

  • Master degree in Engineering or relevant field; Possibly Bachelor with solid experience as a fall back option;
  • Between 2 and 10 years of relevant working experience in security engineering for classified environments / defence;
  • Exposed to ISO27001 / 27002 certified environments and COMSEC information;
  • One or more of the fields of expertise are required:
    • Security Governance and risk management;
    • Security Audit and implementation;
    • Service and facility management;
    • Handling of classified documentation (EU, NATO);
    • Security accreditation;
    • Business development.
  • ISO27001 audit experience is an asset;
  • Fluency in English, both written and spoken;
  • Eligibility to work and live in the EU;
  • Eligibility for EU Personal Security Clearance is mandatory.

Please submit your application in English via the apply button below. Applications submitted in other languages will not be considered.

Details

  • Prague, Czechia
EUSPA

or

What do we offer?

In ATG Europe (or our subsidiaries) you will have the chance to work on the most interesting and technologically advanced projects in the space, big-science, and high-tech domains. You will enjoy the focused yet relaxed spirit and culture of our teams and the excellent working conditions our company provides. We firmly believe that development and growth perspectives are crucial to everyone’s career, and we therefore provide you with a personal development plan, regular assessment checkpoints and a dedicated training and education budget to support you, not only in your current work, but also paving the road to your next professional steps.

For those relocating in order to embrace a new career with us, we offer international relocation assistance in settling in your new home or finding the right school for your children and a relocation budget that is applicable to all ATG staff.

About ATG Europe

Today, ATG Europe is recognized as a leading provider of specialized engineering, scientific and technical services to the European Space, Big-Science, and high-tech industry. Our headquarters are located in Noordwijk, the Netherlands and we have subsidiaries in Germany, Ireland, Spain, Italy, and the UK. Besides these countries, ATG also operates in France, Czech Republic, Sweden, Norway, and Belgium.