Description

Security Accreditation Officer, ESA Security Office, Director General’s Services.

On 15 March 2023, the European Parliament and the Council of the European Union adopted Regulation (EU) 2023/588 establishing the Union Secure Connectivity Programme for the period 2023–2027.
The objective of the EU Secure Connectivity Programme is to deploy an EU satellite constellation, IRIS² (Infrastructure for Resilience, Interconnectivity and Security by Satellite). The Programme will provide an EU satellite-based, multiorbital communication infrastructure for governmental use while integrating and complementing existing and future national and European capacities in the framework of the GOVSATCOM component of the EU Space Programme.

The ESA Programme Related to EU Secure Connectivity is intended to support the effective development and validation of the EU Secure Connectivity (IRIS²) governmental infrastructure, which is to be developed, deployed and operated under a concession contract signed by the EU with a private consortium, and the services provided by it, as well as the validation and demonstration of services based on the commercial infrastructure developed by the contractors delivering the EU Secure Connectivity governmental infrastructure.

The European Commission and ESA will set up an Integrated Programme Team (IPT) to manage the EU IRIS² Programme and, in particular, the related concession contract, and to ensure close coordination between all activities relating to IRIS².

Reporting functionally to the Security Manager of the Integrated Programme Team and hierarchically to the Head of the ESA Security Office (ESA security authority), you will be responsible for supporting the preparation of the security accreditation dossier to be presented to the EU Security Accreditation Board (SAB).

You will liaise with ESA to that end and will rely on ESA for supervision of the related industrial activities in accordance with the agreements between ESA and the European Commission, interfacing with industry on matters relating to the security accreditation of the system and services developed under the IRIS² concession.

You will be assigned to Brussels until Q1 2028, with a possible extension within the limits of the 12-year Contribution Agreement between ESA and the Commission. At the end of the assignment, you will be reassigned to another post within the ESA Security Office at one of its locations.

Duties

Your tasks and responsibilities will include:

• the preparation of security accreditation deliverables in compliance with the applicable security accreditation strategy to be issued by the SAB;
• interfacing with the ESA Security Office for security activities aiming to confirm the suitability of the end-to-end security risk analysis, as designed and as built, including compliance with the security framework and preparatory activities in support of the system accreditation. To this end, you will establish and maintain the system security risk analysis for integration of the security analyses of the various IRIS² building blocks and their interfaces based on the relevant inputs from the concessionaire and related treatment plans:
• As-designed and as-built analyses, including industrial inputs, with the provision of system security impact and gap analysis;
• Identification of security measures at system level in order to ensure an acceptable system risk profile and accreditable architectural solutions;
• Review of the industry-driven security architecture, design, RFD, RFW, NCR and qualification status for the provision of system security impact analysis;
• Provision and maintenance of security vulnerability assessments, including specific penetration testing, and as-built compliance assessment in support of the security assessment of the security verification, qualification campaign and security accreditation process;
• Review and verification of adequacy and completeness between security operations procedures and the system security assurance in view of the potential threat landscape.
• establishing and maintaining the security management plan in liaison with ESA and EUSPA, addressing all security activities performed in line with the security framework and all operational measures aimed at creating, storing, processing and exchanging sensitive and classified information;
• interfacing with industry on matters relating to the security accreditation of the system and services developed under the IRIS² concession;
• participating in security accreditation panels and boards;
• interfacing with the ESA Security Office for activities relating to cyber internal audits.

Technical competencies

Behavioural competencies

Result Orientation 
Operational Efficiency 
Fostering Cooperation 
Relationship Management 
Continuous Improvement
Forward Thinking

Education

A master’s degree in a relevant engineering discipline is required for this post.

Additional requirements

• You should have substantial security experience.
• You are expected to have a very strong background in cyber security, policy and the associated standards and regulations.
• You should demonstrate excellent organisational skills and a high level of competency in stakeholder management.
• You must possess good judgment and communication skills, as well as integrity, and be willing to travel.