Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
Knowledge of the organization's core business/mission processes.
Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).
Knowledge of strategic theory and practice.
Knowledge of emerging technologies that have potential for exploitation.
Knowledge of industry indicators useful for identifying technology trends.
Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
Knowledge of current and emerging cyber technologies.
Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
Skill in preparing plans and related correspondence.
Ability to determine the validity of technology trend data.
Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
Develop policy, programs, and guidelines for implementation.
Establish and maintain communication channels with stakeholders.
Review existing and proposed policies with stakeholders.
Serve on agency and interagency policy boards.
Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
Analyze organizational cyber policy.
Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
Define and integrate current and future mission environments.
Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan.
Draft, staff, and publish cyber policy.
Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
Seek consensus on proposed policy changes from stakeholders.
Provide policy guidance to cyber management, staff, and users.
Review, conduct, or participate in audits of cyber programs and projects.
Support the CIO in the formulation of cyber-related policies.