* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge of disaster recovery continuity of operations plans.

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

Knowledge of incident response and handling methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Advise senior management (e.g., CIO) on risk levels and security posture.

Ensure security improvement actions are evaluated, validated, and implemented as required.

Recognize a possible security violation and take appropriate action to report the incident, as required.

Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.

Knowledge of an organization’s information classification program and procedures for information compromise.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of the organization’s enterprise information technology (IT) goals and objectives.

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Knowledge of information security program management and project management principles and techniques.

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.

Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.

Evaluate cost benefit, economic, and risk analysis in decision making process.

Knowledge of critical information technology (IT) procurement requirements.

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.