Program/Project Management (PMA) and Acquisition NICE Specialty Area
NICE Work Role Name:
Program Manager
NICE Work Role ID:
OV-PMA-001
NICE Category:
Oversee & Govern (OV)
NICE Work Role Description:
Leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with agency or enterprise priorities.
-
Cybersecurity for Managers (OV314)
-
Cybersecurity for Managers – SP (OV214-SP)
-
Cybersecurity Operations and Planning (AN165)
-
Cybersecurity Operations and Planning – SP (AN165-SP)
-
FISMA Overview (SP106)
-
FISMA Overview – SP (SP106-SP)
-
Information Systems Owners (SP063-WBT)
-
Program Manager (OV205-RBT)
-
Risk Management Framework (RMF) for Program Managers – Overview (SP203)
-
Risk Management Framework (RMF) for Program Managers – Overview – SP (SP203-SP)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
- K0048 – Knowledge of Risk Management Framework (RMF) requirements.
- K0072 – Knowledge of resource management principles and techniques.
- K0090 – Knowledge of system life cycle management principles, including software security and usability.
- K0101 – Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
- K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0146 – Knowledge of the organization’s core business/mission processes..
- K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
- K0154 – Knowledge of supply chain risk management standards, processes, and practices.
- K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
- K0165 – Knowledge of risk/threat assessment.
- K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
- K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
- K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
- K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
- K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
- S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
- A0009 – Ability to apply supply chain risk management standards.
- A0039 – Ability to oversee the development and update of the life cycle cost estimate.
- A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
- A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
- T0066 – Develop and maintain strategic plans.
- T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
- T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
- T0199 – Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
- T0223 – Review or conduct audits of information technology (IT) programs and projects.
- T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
- T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
- T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
- T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
- T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
- T0379 – Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
- T0407 – Participate in the acquisition process as necessary.
- T0412 – Conduct import/export reviews for acquiring systems and software.
- T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
- T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
- T0481 – Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
- T0493 – Lead and oversee budget, staffing, and contracting.
- T0551 – Draft and publish supply chain security and risk management documents.
NICE Work Role Name:
IT Project Manager
NICE Work Role ID:
OV-PMA-002
NICE Category:
Oversee & Govern (OV)
NICE Work Role Description:
Directly manages information technology projects.
-
Cybersecurity Operations and Planning (AN165)
-
Cybersecurity Operations and Planning – SP (AN165-SP)
-
Information Systems Owners (SP063-WBT)
-
IT Project Manager (OV206-RBT)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0012 – Draft and publish supply chain security and risk management documents.
- K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
- K0048 – Knowledge of Risk Management Framework (RMF) requirements.
- K0059 – Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- K0072 – Knowledge of resource management principles and techniques.
- K0090 – Knowledge of system life cycle management principles, including software security and usability.
- K0101 – Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
- K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0146 – Knowledge of the organization’s core business/mission processes.
- K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
- K0154 – Knowledge of supply chain risk management standards, processes, and practices.
- K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes)
- K0165 – Knowledge of risk/threat assessment.
- K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
- K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
- K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
- K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
- K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
- S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
- A0009 – Ability to apply supply chain risk management standards.
- A0039 – Ability to oversee the development and update of the life cycle cost estimate.
- A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
- A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
- T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
- T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
- T0196 – Provide advice on project costs, design concepts, or design changes.
- T0199 – Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- T0207 – Provide ongoing optimization and problem-solving support.
- T0208 – Provide recommendations for possible improvements and upgrades.
- T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
- T0223 – Review or conduct audits of information technology (IT) programs and projects.
- T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
- T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
- T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
- T0370 – Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service.
- T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
- T0379 – Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
- T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
- T0394 – Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.
- T0407– Participate in the acquisition process as necessary.
- T0412 – Conduct import/export reviews for acquiring systems and software.
- T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
- T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
- T0481 – Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
- T0493 – Lead and oversee budget, staffing, and contracting.
- T0551 – Draft and publish supply chain security and risk management documents.
NICE Work Role Name:
Product Support Manager
NICE Work Role ID:
OV-PMA-003
NICE Category:
Oversee & Govern (OV)
NICE Work Role Description:
Manages the package of support functions required to field and maintain the readiness and operational capability of systems and components.
-
Product Support Manager (OV207-RBT)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- K0048 – Knowledge of Risk Management Framework (RMF) requirements.
- K0059 – Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- K0072 – Knowledge of resource management principles and techniques.
- K0090 – Knowledge of system life cycle management principles, including software security and usability.
- K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
- K0150 – Knowledge of enterprise incident response program, roles, and responsibilities.
- K0154 – Knowledge of supply chain risk management standards, processes, and practices.
- K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
- K0165 – Knowledge of risk/threat assessment.
- K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
- K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
- K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
- K0249 – Knowledge of sustainment technologies, processes and strategies.
- K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
- K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
- S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
- A0009 – Ability to apply supply chain risk management standards.
- A0039 – Ability to oversee the development and update of the life cycle cost estimate.
- A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
- A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
- T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
- T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
- T0196 – Provide advice on project costs, design concepts, or design changes.
- T0204 – Provide input to implementation plans and standard operating procedures.
- T0207 – Provide ongoing optimization and problem-solving support.
- T0208 – Provide recommendations for possible improvements and upgrades.
- T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
- T0223 – Review or conduct audits of information technology (IT) programs and projects.
- T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
- T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
- T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
- T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
- T0370 – Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service.
- T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
- T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
- T0394 – Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.
- T0412 – Conduct import/export reviews for acquiring systems and software.
- T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
- T0493 – Lead and oversee budget, staffing, and contracting.
- T0525 – Provide enterprise cybersecurity and supply chain risk management guidance.
- T0551 – Draft and publish supply chain security and risk management documents.
- T0553 – Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
NICE Work Role Name:
IT Investment/Portfolio Manager
NICE Work Role ID:
OV-PMA-004
NICE Category:
Oversee & Govern (OV)
NICE Work Role Description:
Manages a portfolio of IT investments that align with the overall needs of mission and enterprise priorities.
-
IT Investment/Portfolio Manager (OV305-RBT)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0048 – Knowledge of Risk Management Framework (RMF) requirements.
- K0072 – Knowledge of resource management principles and techniques.
- K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0146 – Knowledge of the organization’s core business/mission processes.
- K0154 – Knowledge of supply chain risk management standards, processes, and practices.
- K0165 – Knowledge of risk/threat assessment.
- K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
- K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
- K0270 – Knowledge of the acquisition/procurement life cycle process.
Abilities
- A0039 – Ability to oversee the development and update of the life cycle cost estimate.
Tasks
- T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
- T0223 – Review or conduct audits of information technology (IT) programs and projects.
- T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
- T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
- T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
- T0493 – Lead and oversee budget, staffing, and contracting.
- T0551 – Draft and publish supply chain security and risk management documents.
NICE Work Role Name:
IT Program Auditor
NICE Work Role ID:
OV-PMA-005
NICE Category:
Oversee & Govern (OV)
NICE Work Role Description:
Conducts evaluations of an IT program or its individual components to determine compliance with published standards.
-
Information Security and Information Technology Auditing (OV131)
-
IT Program Auditor (OV208-RBT)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
- K0048 – Knowledge of Risk Management Framework (RMF) requirements.
- K0072 – Knowledge of resource management principles and techniques.
- K0090 – Knowledge of system life cycle management principles, including software security and usability.
- K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
- K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
- K0154 – Knowledge of supply chain risk management standards, processes, and practices.
- K0165 – Knowledge of risk/threat assessment.
- K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
- K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
- K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
- K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
- S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- S0085 – Skill in conducting audits or reviews of technical systems.
- S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
- A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
- T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
- T0207 – Provide ongoing optimization and problem-solving support.
- T0208 – Provide recommendations for possible improvements and upgrades.
- T0223 – Review or conduct audits of information technology (IT) programs and projects.
- T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
- T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
- T0412 – Conduct import/export reviews for acquiring systems and software.
- T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.