Evidence Librarian

Job Family: JF-GOVCOMP — Governance & Compliance Job Level Range: L1-L4 (CERG Grade S1-S4/M3) CERG Canonical Role: Evidence Librarian (CERG-GOV-OM-001 §6.1)

1. Role Summary

The Evidence Librarian owns the cross-framework evidence library. They collect, curate, and retain control evidence so that when an auditor, assessor, or regulator asks for proof that a control is operating effectively, the evidence exists, is current, and is retrievable. They turn audit preparation from a project into a steady state.

2. NICE Workforce Framework Mapping

NICE Work Role Definition: See JF-002 for the official NICE Work Role definition and complete CERG-to-NICE mapping. The NICE TKS database is available at https://www.nist.gov/nice/framework/.

3. Job Family & Level Placement

4. Key Responsibilities

4.1 Core Responsibilities (All Grades)

• Own the evidence library: organize control evidence by framework, control, and collection period - Collect evidence from Engineering and Risk operations: vulnerability scan results, access review records, configuration baselines, pen test reports, threat intelligence products, and change management records - Curate evidence: ensure evidence meets the quality bar (dated, attributable, complete, and relevant to the control) - Retain evidence per the defined retention schedule and ensure it is retrievable on demand - Support audit and assessment evidence requests: produce the requested evidence within the auditor’s timeline - Maintain the evidence collection calendar: ensure evidence is collected before it is needed, not after - Identify evidence gaps and coordinate with control owners to close them - Contribute to the Audit and Evidence Management Procedure - Partner with compliance managers (NERC-CIP, CMMC, SOX ITGC) to ensure their framework-specific evidence requirements are met

4.2 Grade-Level Responsibility Differentiation

Grade-level responsibility differentiation for this role is defined in JA-001 §7 (Role-to-Grade Mapping). The grade definitions (S1-S4 SME Track, M1-M4 Management Track) and leveling dimensions are in CERG-GOV-JA-001 §4-5. Behavioral anchors at each grade are in CMP-001.

5. Required Knowledge, Skills, and Abilities (KSAs)

5.1 Domain Expertise

• Evidence management and organization: ability to maintain a multi-framework library where any item can be found in under a minute - Understanding of control frameworks and what constitutes valid evidence for each - Attention to detail: evidence that is misdated, unattributable, or incomplete is not evidence - Data management and information organization - GRC platform or document management system proficiency - Understanding of the CERG control baseline and evidence requirements

5.2 Technical Skills

Technical skills for this role are documented in the original JD-001 content extracted into this file (see §5.1 Domain Expertise). Additional technical skill definitions aligned to NICE Skill Statements are maintained in JF-002.

5.3 CERG-Specific Knowledge

CERG-specific knowledge requirements for this role are defined in OM-001 §6 (Canonical Role Roster) and RAC-001 §7 (Role Descriptions). See §12 (Related CERG Documents) for the complete list of standards and procedures relevant to this role.

6. NICE TKS Statement References

The following Task, Knowledge, and Skill statements are extracted from the NIST NICE Framework v2.2.0 Work Role [OG-WRL-012 — Evidence Librarian primary mapping] and filtered by relevance to this CERG role. The full TKS database is maintained at https://www.nist.gov/nice/framework/.

Full TKS Reference: The complete TKS statement set for the primary NICE Work Role (OV-SCA-001 → OG-WRL-012) is in the NICE Framework Components v2.2.0 dataset (download). JF-002 contains the complete CERG-to-NICE crosswalk with secondary role mappings.

7. Typical Qualifications

7.1 Education

• 1-8+ years in cybersecurity governance, compliance, audit support, or records management - Bachelor’s degree or equivalent experience - Relevant certifications: CISA or equivalent valued but not required at entry level

7.2 Certifications

Certifications for this role are defined in TRN-001 §3 (Certification Matrix). The matrix specifies Required, Recommended, and Aspirational certifications per role and grade.

7.3 Experience

Typical experience ranges by grade are defined in JA-001 §4-5. See §7.1 (Education) above for education requirements.

8. Key Performance Indicators (KPIs)

KPIs for this role are defined in MTR-001 (Metrics, Dashboard, and CISO/Board Reporting). KPI allocation by job family and grade-level thresholds are documented in PERF-001. Each role’s evaluation criteria are embedded in the per-role JD document structure defined by JF-001.

9. Competency Expectations by Grade

Competency expectations for this role follow the Governance pillar behavioral anchors from CERG-GOV-CMP-001. Each cell describes observable behavior demonstrating the competency at that grade. Anchors are cumulative: an L3 expectation includes the L1 and L2 anchors.

Full Reference: See CERG-GOV-CMP-001 for the complete competency model, including the Management Track addendum (§7) and guidance on using the model for hiring, development, and promotion (§8).

10. Success Profile

An Evidence Librarian is successful when evidence is treated as a managed asset rather than a scramble before every audit. Key indicators: every control has a current, valid evidence artifact with a known location and retention date; evidence collection is automated or scheduled, not manually triggered; retrieval time for any evidence artifact is measured in minutes, not days; evidence gaps are identified and remediated before the audit calendar triggers them. The librarian’s work means the organization passes audits on process, not on heroics.

11. Career Path

11.1 Within-Family Progression

Within JF-GOVCOMP, Evidence Librarian progression normally follows L1 Associate/S1, L2 Specialist/S2, and L3 Senior Specialist/S3 per JF-001 §9.3. The role-specific terminal grade is S3 in JA-001 §7.4. Continued growth beyond S3 generally requires broadening into a Governance Advisor, Policy and Standards, Compliance Manager, or audit-facing role with wider regulatory judgment. Promotion evidence should show evidence quality improvement, reduction in audit rework, reliable evidence retrieval, and disciplined operation of the evidence lifecycle.

11.2 Cross-Family Movement

Cross-family movement options are defined in the Family-to-Family Career Lattice (JF-001 §4). The Left-Right Knowledge Model (FRM-001 §9.2) and cross-training expectations (OM-001 §10.4) operationalize cross-family career movement.

11.3 Management Track Option

At L3+ (SME track), a Management track option may be available per CERG-GOV-JA-001 §8.1 (SME to Management Transition). Readiness indicators include: consistently sought out for guidance by junior team members, leading cross-functional initiatives without formal authority, and communicating clearly with non-technical stakeholders. The transition is a track change, not a grade promotion — an S3 Advisor moving to M1 Manager carries their technical credibility into the management role. Management competencies are defined in CERG-GOV-CMP-001 §7. See CERG-GOV-JA-001 §5 for Management grade definitions (M1-M4) and §9 (Span of Control and Team Design) for when to create a management role.

12. Related CERG Documents

13. Document Control

Revision History

Review Triggers

• Change to this role’s definition in CERG-GOV-OM-001 §6.1
• Change to this role’s NICE Work Role mapping in JF-002
• Change to this role’s grade range in CERG-GOV-JA-001 §7
• Direction from the CISO

Governance owns this document. The Governance Pillar Leader (Policy & Standards) is responsible for initiating reviews, managing the revision cycle, and obtaining approval for all changes.

Related Documents

Source: roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-006_Evidence_Librarian.md · Download .md · View on GitHub