Information Systems Security Manager

Work Role ID: 722  |  Workforce Element: Cybersecurity

What does this work role do? Responsible for the cybersecurity of a program, organization, system, or enclave.

KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
29 Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. Knowledge
37 Knowledge of disaster recovery continuity of operations plans. Knowledge
49 Knowledge of host/network access control mechanisms (e.g., access control list). Knowledge
55 Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. Knowledge
58 Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge
61 Knowledge of incident response and handling methodologies. Knowledge
66 Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies. Knowledge
77 Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
112 Knowledge of server administration and systems engineering theories, concepts, and methods. Knowledge
126 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. Knowledge
129 Knowledge of system life cycle management principles, including software security and usability. Knowledge
143 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. Knowledge
150 Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. Knowledge
173 Skill in creating policies that reflect system security objectives. Skill
183 Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Skill
299 Knowledge of information security program management and project management principles and techniques. Knowledge
391 Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Task
395 Advise senior management (e.g., CIO) on risk levels and security posture. Task
397 Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture. Task
440 Collect and maintain data needed to meet system cybersecurity reporting. Task
445 Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. Task
578 Ensure security improvement actions are evaluated, validated, and implemented as required. Task
584 Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Task
585 Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Task
628 Identify alternative information security strategies to address organizational security objective. Task
640 Identify information technology (IT) security program implications of new technologies or technology upgrades. Task
677 Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program. Task
705 Manage the monitoring of information security data sources to maintain organizational situational awareness. Task
730 Oversee the information security training and awareness program. Task
733 Participate in the development or modification of the computer environment cybersecurity program plans and requirements. Task
790 Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. Task
816 Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. Task
824 Recognize a possible security violation and take appropriate action to report the incident, as required. Task
828 Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements. Task
852 Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. Task
862 Track audit findings and recommendations to ensure appropriate mitigation actions are taken. Task
919 Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals. Task
947 Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Task
962 Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. Task
963 Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Task
964 Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals. Task
965 Knowledge of organization’s risk tolerance and/or risk management approach. Knowledge
966 Knowledge of enterprise incident response program, roles, and responsibilities. Knowledge
967 Knowledge of current and emerging threats/threat vectors. Knowledge
1016 Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs). Task
1032 Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Task
1034A Knowledge of Personally Identifiable Information (PII) data security standards. Knowledge
1036 Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed. Knowledge
1037 Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. Knowledge
1072 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge
1141A Knowledge of an organization’s information classification program and procedures for information compromise. Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
KSAT ID Description KSAT
9 Knowledge of applicable business processes and operations of customer organizations. Knowledge
25 Knowledge of encryption algorithms Knowledge
62 Knowledge of industry-standard and organizationally accepted analysis principles and methods. Knowledge
69A Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). Knowledge
76 Knowledge of measures or indicators of system performance and availability. Knowledge
81A Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge
87 Knowledge of network traffic analysis methods. Knowledge
88A Knowledge of current and emerging cyber technologies. Knowledge
92 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet ProtocoL, Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version). Knowledge
95A Knowledge of penetration testing principles, tools, and techniques. Knowledge
105 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). Knowledge
107 Knowledge of resource management principles and techniques. Knowledge
113 Knowledge of server and client operating systems. Knowledge
132 Knowledge of technology integration processes. Knowledge
325 Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative duties, secure procurement, supply chain risk management). Knowledge
392 Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Task
396 Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. Task
475 Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Task
572 Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. Task
590 Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Task
596 Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. Task
598A Evaluate and approve development efforts to ensure that baseline security safeguards controls/measures are appropriately installed.​ Task
600 Evaluate cost benefit, economic, and risk analysis in decision making process. Task
674 Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. Task
676 Interpret and/or approve security requirements relative to the capabilities of new information technologies. Task
679 Lead and align information technology (IT) security priorities with the security strategy. Task
680 Lead and oversee information security budget, staffing, and contracting. Task
706 Manage the publishing of Computer Network Defense guidance for the enterprise constituency. Task
707 Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. Task
711 Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection. Task
731A Participate in risk assessment and authorization per Risk Management Framework processes. Task
801 Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. Task
810 Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. Task
818 Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. Task
848 Recommend policy and coordinate review and approval. Task
869 Use federal and organization-specific published documents to manage operations of their computing environment system(s). Task
948 Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk. Task
949 Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Task
1004 Knowledge of critical information technology (IT) procurement requirements. Knowledge
1017 Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. Task
1018 Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Task
1033 Knowledge of basic system administration, network, and operating system hardening techniques. Knowledge
1034C Knowledge of Personal Health Information (PHI) data security standards. Knowledge
1034B Knowledge of Payment Card Industry (PCI) data security standards. Knowledge
1035 Forecast ongoing service demands and ensure security assumptions are reviewed as necessary. Task
1038B Knowledge of local specialized system requirements. Knowledge
1039 Skill in evaluating the trustworthiness of the supplier and/or product. Skill
1040A Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. Knowledge
1041 Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Task
1073 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge
1131 Knowledge of security architecture concepts and enterprise architecture reference models. Knowledge
6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. Ability