OG-WRL-011
Secure Project Management OPM Code: 802

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work.

Responsible for overseeing and directly managing technology projects. Ensures cybersecurity is built into projects to protect the organization's critical infrastructure and assets, reduce risk, and meet organizational goals. Tracks and communicates project status and demonstrates project value to the organization.

Code Description Work Roles
T0220 Resolve conflicts in laws, regulations, policies, standards, or procedures 5
T0412 Conduct import/export reviews for acquiring systems and software 4
T1011 Apply standards to identify safety risk and protect cyber-physical functions 3
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1022 Review enterprise information technology (IT) goals and objectives 9
T1023 Identify critical technology procurement requirements 11
T1026 Determine procurement requirements 9
T1031 Implement intelligence collection requirements 4
T1067 Recommend development of new applications or modification of existing applications 4
T1068 Create development plans for new applications or modification of existing applications 4
T1154 Develop risk, compliance, and assurance monitoring strategies 4
T1155 Develop risk, compliance, and assurance measurement strategies 4
T1227 Manage cybersecurity budget, staffing, and contracting 8
T1259 Identify opportunities for new and improved business process solutions 4
T1291 Advise stakeholders on the development of continuity of operations plans 4
T1306 Conduct technology program and project audits 7
T1344 Determine if procurement activities sufficiently address supply chain risks 5
T1345 Recommend improvements to procurement activities to address cybersecurity requirements 6
T1366 Identify supply chain risks for critical system elements 4
T1367 Document supply chain risks for critical system elements 4
T1369 Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements 6
T1394 Develop independent cybersecurity audit processes for application software, networks, and systems 7
T1395 Implement independent cybersecurity audit processes for application software, networks, and systems 7
T1396 Oversee independent cybersecurity audits 7
T1397 Determine if research and design processes and procedures are in compliance with cybersecurity requirements 7
T1398 Determine if research and design processes and procedures are accurately followed by cybersecurity staff when performing their day-to-day activities 7
T1399 Develop supply chain, system, network, and operational security contract language 5
T1435 Determine if technology services are delivered successfully 3
T1448 Manage customer services 3
T1465 Define service-level agreements (SLAs) 2
T1472 Gather customer satisfaction and service performance feedback 4
T1474 Define operating level agreements (OLAs) 2
T1480 Examine service performance reports for issues and variances 3
T1481 Initiate corrective actions to service performance issues and variances 3
T1497 Determine supply chain cybersecurity requirements 3
T1498 Determine if cybersecurity requirements included in contracts are delivered 4
T1552 Identify cyber workforce planning and management issues 3
T1553 Address cyber workforce planning and management issues 3
T1601 Advise stakeholders on enterprise cybersecurity risk management 4
T1602 Advise stakeholders on supply chain risk management 4
T1621 Prepare supply chain security reports 4
T1622 Prepare risk management reports 4
Code Description Work Roles
K0498 Knowledge of operational planning processes 6
K0650 Knowledge of supplier assessment criteria 3
K0651 Knowledge of trustworthiness principles 3
K0653 Knowledge of cybersecurity practices in the acquisition process 6
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0690 Knowledge of requirements analysis principles and practices 6
K0721 Knowledge of risk management principles and practices 19
K0727 Knowledge of analysis standards and best practices 7
K0728 Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices 20
K0729 Knowledge of non-repudiation principles and practices 20
K0730 Knowledge of cyber safety principles and practices 20
K0733 Knowledge of information technology (IT) architecture models and frameworks 4
K0734 Knowledge of Risk Management Framework (RMF) requirements 14
K0735 Knowledge of risk management models and frameworks 13
K0736 Knowledge of information technology (IT) security principles and practices 18
K0743 Knowledge of new and emerging technologies 15
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0754 Knowledge of resource management principles and practices 7
K0771 Knowledge of system life cycle management principles and practices 9
K0803 Knowledge of supply chain risk management principles and practices 17
K0819 Knowledge of import and export control laws and regulations 8
K0820 Knowledge of supply chain risks 18
K0821 Knowledge of federal agency roles and responsibilities 9
K0828 Knowledge of supply chain risk management standards and best practices 16
K0834 Knowledge of technology procurement principles and practices 11
K0835 Knowledge of risk assessment principles and practices 8
K0836 Knowledge of threat assessment principles and practices 7
K0838 Knowledge of supply chain risk management policies and procedures 13
K0863 Knowledge of cloud computing principles and practices 6
K0864 Knowledge of knowledge management principles and practices 6
K0868 Knowledge of process improvement principles and practices 6
K0869 Knowledge of process maturity models and frameworks 6
K0872 Knowledge of service management principles and practices 11
K0873 Knowledge of service management standards and best practices 11
K0920 Knowledge of risk management policies and procedures 7
K0922 Knowledge of the acquisition life cycle models and frameworks 7
K0983 Knowledge of computer networking principles and practices 39
K1014 Knowledge of network security principles and practices 40
K1137 Knowledge of cybersecurity requirements 11
K1180 Knowledge of organizational cybersecurity goals and objectives 11
K1206 Knowledge of research and design processes and procedures 7
Code Description Work Roles
S0423 Skill in analyzing processes to ensure conformance with procedural requirements 6
S0462 Skill in integrating information security requirements in the acquisitions process 7
S0463 Skill in implementing software quality control processes 7
S0479 Skill in evaluating supplier trustworthiness 6
S0555 Skill in performing capabilities analysis 5
S0556 Skill in performing requirements analysis 5
S0579 Skill in preparing reports 11
S0580 Skill in monitoring system performance 5
S0581 Skill in configuring systems for performance enhancement 5
S0673 Skill in translating operational requirements into security controls 8
S0687 Skill in performing administrative planning activities 9
S0759 Skill in identifying requirements 4
S0811 Skill in managing intelligence collection requirements 5
S0821 Skill in collaborating with internal and external stakeholders 9
S0870 Skill in performing needs analysis 4