OV-PMA-004 IT Investment/Portfolio Manager
Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
Applies knowledge of data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities to manage acquisition programs. Executes duties governing hardware, software, and information system acquisition programs and other program management policies. Provides direct support for acquisitions that use information technology (IT)(including National Security Systems), applying IT-related laws and policies, and provides IT-related guidance throughout the total acquisition life cycle.
Manages a portfolio of IT investments that align with the overall needs of mission and enterprise priorities.
Knowledges 17
| Code | Description | Work Roles |
|---|---|---|
| K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | 52 |
| K0002 | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | 52 |
| K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | 52 |
| K0004 | Knowledge of cybersecurity and privacy principles. | 52 |
| K0005 | Knowledge of cyber threats and vulnerabilities. | 52 |
| K0006 | Knowledge of specific operational impacts of cybersecurity lapses. | 52 |
| K0048 | Knowledge of Risk Management Framework (RMF) requirements. | 8 |
| K0072 | Knowledge of resource management principles and techniques. | 7 |
| K0120 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. | 6 |
| K0126 | Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161) | 14 |
| K0146 | Knowledge of the organization's core business/mission processes. | 10 |
| K0154 | Knowledge of supply chain risk management standards, processes, and practices. | 7 |
| K0165 | Knowledge of risk/threat assessment. | 5 |
| K0169 | Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. | 14 |
| K0235 | Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. | 5 |
| K0257 | Knowledge of information technology (IT) acquisition/procurement requirements. | 5 |
| K0270 | Knowledge of the acquisition/procurement life cycle process. | 5 |
Skills 1
| Code | Description | Work Roles |
|---|---|---|
| S0372 | Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise. | 5 |
Abilities 1
| Code | Description | Work Roles |
|---|---|---|
| A0039 | Ability to oversee the development and update of the life cycle cost estimate. | 4 |
Tasks 8
| Code | Description | Work Roles |
|---|---|---|
| T0277 | Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. | 6 |
| T0302 | Develop contract language to ensure supply chain, system, network, and operational security are met. | 3 |
| T0377 | Gather feedback on customer satisfaction and internal service performance to foster continual improvement. | 4 |
| T0415 | Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered. | 4 |
| T0493 | Lead and oversee budget, staffing, and contracting. | 4 |
| T0551 | Draft and publish supply chain security and risk management documents. | 4 |
| T0220 | Resolve conflicts in laws, regulations, policies, standards, or procedures. | 6 |
| T0223 | Review or conduct audits of information technology (IT) programs and projects. | 5 |