|Knowledge of information technology (IT) architectural concepts and frameworks.
|Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
|Knowledge of Risk Management Framework (RMF) requirements.
|Knowledge of resource management principles and techniques.
|Knowledge of system life cycle management principles, including software security and usability.
|Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
|Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
|Ability to ensure security practices are followed throughout the acquisition process.
|Develop and maintain strategic plans.
|Develop methods to monitor and measure risk, compliance, and assurance efforts.
|Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
|Lead and oversee budget, staffing, and contracting.
|Perform needs analysis to determine opportunities for new and improved business process solutions.
|Resolve conflicts in laws, regulations, policies, standards, or procedures.
|Review or conduct audits of programs and projects.
|Knowledge of the organization’s core business/mission processes.
|Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
|Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
|Draft and publish supply chain security and risk management documents.
|Knowledge of supply chain risk management standards, processes, and practices.
|Develop and document supply chain risks for critical system elements, as appropriate.
|Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
|Participate in the acquisition process as necessary.
|Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
|Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
|Knowledge of the acquisition/procurement life cycle process.
|Ability to apply supply chain risk management standards.
|Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
|Knowledge of Import/Export Regulations related to cryptography and other security technologies.
|Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
|Conduct import/export reviews for acquiring systems and software.
|Develop supply chain, system, network, performance, and cyber security requirements.
|Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered.
|Develop contract language to ensure supply chain, system, network, and operational security are met.
|Coordinate and manage the overall service provided to a customer end-to-end.
|Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
|Ability to oversee the development and update of the lifecycle cost estimate.