Communications Security (COMSEC) Manager

Individual who manages the Communications Security (COMSEC) resources of an organization (CNSSI 4009) or key custodian for a Crypto Key Management System (CKMS).
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of encryption algorithms
  • Knowledge of business continuity and disaster recovery continuity of operations plans.
  • Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of system life cycle management principles, including software security and usability.
  • Knowledge of the organization's enterprise information technology (IT) goals and objectives.
  • Knowledge of information security program management and project management principles and techniques.
  • Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • Knowledge of critical information technology (IT) procurement requirements.
  • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
  • Knowledge of an organization's information classification program and procedures for information compromise.
  • Knowledge of controls related to the use, processing, storage, and transmission of data.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Skill in using Virtual Private Network (VPN) devices and encryption.
  • Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).
  • Ability to interpret Communications Security (COMSEC) terminology, guidelines and procedures.
  • Ability to identify the roles and responsibilities for appointed Communications Security (COMSEC) personnel.
  • Ability to manage Communications Security (COMSEC) material accounting, control and use procedure.
  • Ability to identify types of Communications Security (COMSEC) Incidents and how they're reported.
  • Ability to recognize the importance of auditing Communications Security (COMSEC) material and accounts.
  • Ability to Identify the requirements of In-Process accounting for Communications Security (COMSEC).
  • Ability to recognize the unique aspects of the Communications Security (COMSEC) environment and hierarchy.
  • Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
  • Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
  • Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
  • Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
  • Ensure that security improvement actions are evaluated, validated, and implemented as required.
  • Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
  • Evaluate cost/benefit, economic, and risk analysis in decision-making process.
  • Recognize a possible security violation and take appropriate action to report the incident, as required.
  • Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.