C CERG Cyber Engineering, Risk & Governance
Markdown GitHub
Document ID CERG-GOV-JD-001
Version 2.0
Status Approved
Classification Public
Owner Governance Pillar Leader (Policy & Standards)
Parent Policy CERG-POL-001 - Cybersecurity Policy
Review Cycle Annual; or upon any change to the canonical role roster
Frameworks NIST SP 800-181r1 (NICE)
Regulations Cross-cutting
Environments All CERG-managed workforce

Table of Contents

  1. About This Document
  2. Job Family Structure
  3. Per-Role Document Index
  4. Document Control

1. About This Document

This document is now a family-level index. As of v2.0 (2026-06-11), individual role descriptions have been extracted from this monolithic file into standalone per-role documents under roles/. Each per-role document includes:

  • NICE Workforce Framework mapping — primary and secondary NICE Work Roles with codes
  • Job Family and Level placement — family designation and grade range per JF-001
  • Key Responsibilities — extracted from the original JD-001 content, organized by core vs. grade-level differentiation
  • Required KSAs — domain expertise, technical skills, and CERG-specific knowledge
  • NICE TKS Statement References — populated sections for Task, Knowledge, and Skill statement IDs
  • KPIs — mapped sections for MTR-001 canonical metrics with grade-level thresholds
  • Competency Expectations — populated sections with CMP-001 behavioral anchors
  • Career Path — within-family progression, cross-family movement, and management track options

The original JD-001 content is preserved in the per-role files. This index file replaces the monolithic structure to enable modular use: a hiring manager can attach a single role description to a requisition; an auditor can pull the specific role evidence they need; a team member can see their career options.

2. Job Family Structure

The 27 canonical CERG roles are organized into five Job Families. See JF-001 for the full family structure, level definitions, career lattice, and progression gates.

Family ID Family Name Family Index Roles
JF-SECENG Security Engineering SECENG-000 6 engineering roles
JF-RISKOPS Risk Operations RISKOPS-000 7 risk operations roles
JF-GOVCOMP Governance & Compliance GOVCOMP-000 6 compliance roles
JF-EXEC Executive Leadership EXEC-000 2 executive roles
JF-ADJUNCT Incident Response ADJUNCT-000 2 adjacent IR roles

Pillar Leaders — three management-track roles (Engineering Pillar Leader, Risk Pillar Leader, Governance Pillar Leader) have per-role documents within their respective families. They are M4/Director-level roles with distinct leadership expectations.

3. Per-Role Document Index

JF-SECENG — Security Engineering

# Role Document
1 Engineering Pillar Leader CERG-GOV-JD-SECENG-007
2 Cloud Security Engineer CERG-GOV-JD-SECENG-001
3 Identity Engineer CERG-GOV-JD-SECENG-002
4 OT Security Engineer CERG-GOV-JD-SECENG-003
5 Application Security Engineer CERG-GOV-JD-SECENG-004
6 Endpoint Engineer CERG-GOV-JD-SECENG-005
7 Cryptography Engineer CERG-GOV-JD-SECENG-006
8 Pre-production Reviewer CERG-GOV-JD-SECENG-008

JF-RISKOPS — Risk Operations

# Role Document
9 Risk Pillar Leader CERG-GOV-JD-RISKOPS-008
10 Exposure Management Lead CERG-GOV-JD-RISKOPS-001
11 Adversarial Testing Lead CERG-GOV-JD-RISKOPS-002
12 Threat Intelligence Analyst CERG-GOV-JD-RISKOPS-003
13 Detection Engineer CERG-GOV-JD-RISKOPS-004
14 OT Risk Analyst CERG-GOV-JD-RISKOPS-005
15 Identity Risk Analyst CERG-GOV-JD-RISKOPS-006
16 Vendor Risk Analyst CERG-GOV-JD-RISKOPS-007

JF-GOVCOMP — Governance & Compliance

# Role Document
17 Governance Pillar Leader CERG-GOV-JD-GOVCOMP-007
18 NERC-CIP Compliance Manager CERG-GOV-JD-GOVCOMP-001
19 CMMC / Federal Compliance Manager CERG-GOV-JD-GOVCOMP-002
20 SOX ITGC Lead CERG-GOV-JD-GOVCOMP-003
21 Policy & Standards Manager CERG-GOV-JD-GOVCOMP-004
22 Risk Register Owner CERG-GOV-JD-GOVCOMP-005
23 Evidence Librarian CERG-GOV-JD-GOVCOMP-006

JF-EXEC — Executive Leadership

# Role Document
24 Chief Information Security Officer (CISO) CERG-GOV-JD-EXEC-001
25 Executive Sponsor CERG-GOV-JD-EXEC-002

JF-ADJUNCT — Incident Response

# Role Document
26 Incident Commander CERG-GOV-JD-ADJUNCT-001
27 Lead Investigator CERG-GOV-JD-ADJUNCT-002

4. Document Control

Field Value
Document ID CERG-GOV-JD-001
Version 2.0
Status Approved
Effective Date 2026-06-11
Classification Public
Owner Governance Pillar Leader (Policy & Standards)
Approved By CISO
Parent Policy CERG-POL-001 - Cybersecurity Policy
Review Cycle Annual; or upon any change to the canonical role roster
Next Scheduled Review 2027-06-11
Frameworks NIST SP 800-181r1 (NICE)
Regulations Cross-cutting
Environments All CERG-managed workforce

Revision History

Version Date Author Change Summary
1.0 2026-05-27 Cyber Governance Initial release. Monolithic file with full job descriptions for all 25 canonical CERG roles.
2.0 2026-06-11 Governance Pillar Leader Restructured as family-level index. Extracted per-role content into standalone documents under roles/. Added NICE Work Role mapping, KPI sections, and competency anchor sections to each per-role file. Added NICE SP 800-181r1 framework reference.

Review Triggers

  • Addition or retirement of a canonical role in OM-001 §6.1
  • Change to the NICE Work Role mappings in JF-002
  • Change to the Job Family structure in JF-001
  • Direction from the CISO

Governance owns this document. The Governance Pillar Leader (Policy & Standards) is responsible for initiating reviews, managing the revision cycle, and obtaining approval for all changes.

Document ID Relationship
Cybersecurity Policy CERG-POL-001 Parent policy
Job Families Overview CERG-GOV-JF-001 Family structure and level definitions
NICE Crosswalk CERG-GOV-JF-002 NICE Work Role mapping
CERG Operating Model CERG-GOV-OM-001 Canonical role roster
Job Architecture CERG-GOV-JA-001 Grade definitions

Source: governance/CERG-GOV-JD-001_CERG_Job_Descriptions.md · Download .md · View on GitHub