| | |
|---|---|
| **Document ID** | CERG-GOV-JD-001 |
| **Version** | 2.0 |
| **Status** | Approved |
| **Classification** | Public |
| **Owner** | Governance Pillar Leader (Policy & Standards) |
| **Parent Policy** | [`CERG-POL-001`](CERG-POL-001_Cybersecurity_Policy.md) - Cybersecurity Policy |
| **Review Cycle** | Annual; or upon any change to the canonical role roster |
| **Frameworks** | NIST SP 800-181r1 (NICE) |
| **Regulations** | Cross-cutting |
| **Environments** | All CERG-managed workforce |

---

## Table of Contents

1. [About This Document](#1-about-this-document)
2. [Job Family Structure](#2-job-family-structure)
3. [Per-Role Document Index](#3-per-role-document-index)
4. [Document Control](#4-document-control)

---

## 1. About This Document

**This document is now a family-level index.** As of v2.0 (2026-06-11), individual role descriptions have been extracted from this monolithic file into standalone per-role documents under `roles/`. Each per-role document includes:

- **NICE Workforce Framework mapping** — primary and secondary NICE Work Roles with codes
- **Job Family and Level placement** — family designation and grade range per [JF-001](../roles/CERG-GOV-JF-001_Job_Families_Overview.md)
- **Key Responsibilities** — extracted from the original JD-001 content, organized by core vs. grade-level differentiation
- **Required KSAs** — domain expertise, technical skills, and CERG-specific knowledge
- **NICE TKS Statement References** — populated sections for Task, Knowledge, and Skill statement IDs
- **KPIs** — mapped sections for MTR-001 canonical metrics with grade-level thresholds
- **Competency Expectations** — populated sections with CMP-001 behavioral anchors
- **Career Path** — within-family progression, cross-family movement, and management track options

> **The original JD-001 content is preserved in the per-role files.** This index file replaces the monolithic structure to enable modular use: a hiring manager can attach a single role description to a requisition; an auditor can pull the specific role evidence they need; a team member can see their career options.

---

## 2. Job Family Structure

The 27 canonical CERG roles are organized into five Job Families. See [JF-001](../roles/CERG-GOV-JF-001_Job_Families_Overview.md) for the full family structure, level definitions, career lattice, and progression gates.

| Family ID | Family Name | Family Index | Roles |
|-----------|-------------|--------------|-------|
| **JF-SECENG** | Security Engineering | [`SECENG-000`](../roles/jf-seceng/CERG-GOV-JD-SECENG-000_Security_Engineering_Family.md) | 6 engineering roles |
| **JF-RISKOPS** | Risk Operations | [`RISKOPS-000`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-000_Risk_Operations_Family.md) | 7 risk operations roles |
| **JF-GOVCOMP** | Governance & Compliance | [`GOVCOMP-000`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-000_Governance_Compliance_Family.md) | 6 compliance roles |
| **JF-EXEC** | Executive Leadership | [`EXEC-000`](../roles/jf-exec/CERG-GOV-JD-EXEC-000_Executive_Leadership_Family.md) | 2 executive roles |
| **JF-ADJUNCT** | Incident Response | [`ADJUNCT-000`](../roles/jf-adjunct/CERG-GOV-JD-ADJUNCT-000_Incident_Response_Family.md) | 2 adjacent IR roles |

**Pillar Leaders** — three management-track roles (Engineering Pillar Leader, Risk Pillar Leader, Governance Pillar Leader) have per-role documents within their respective families. They are M4/Director-level roles with distinct leadership expectations.

---

## 3. Per-Role Document Index

### JF-SECENG — Security Engineering

| # | Role | Document |
|---|------|----------|
| 1 | Engineering Pillar Leader | [`CERG-GOV-JD-SECENG-007`](../roles/jf-seceng/CERG-GOV-JD-SECENG-007_Engineering_Pillar_Leader.md) |
| 2 | Cloud Security Engineer | [`CERG-GOV-JD-SECENG-001`](../roles/jf-seceng/CERG-GOV-JD-SECENG-001_Cloud_Security_Engineer.md) |
| 3 | Identity Engineer | [`CERG-GOV-JD-SECENG-002`](../roles/jf-seceng/CERG-GOV-JD-SECENG-002_Identity_Engineer.md) |
| 4 | OT Security Engineer | [`CERG-GOV-JD-SECENG-003`](../roles/jf-seceng/CERG-GOV-JD-SECENG-003_OT_Security_Engineer.md) |
| 5 | Application Security Engineer | [`CERG-GOV-JD-SECENG-004`](../roles/jf-seceng/CERG-GOV-JD-SECENG-004_Application_Security_Engineer.md) |
| 6 | Endpoint Engineer | [`CERG-GOV-JD-SECENG-005`](../roles/jf-seceng/CERG-GOV-JD-SECENG-005_Endpoint_Engineer.md) |
| 7 | Cryptography Engineer | [`CERG-GOV-JD-SECENG-006`](../roles/jf-seceng/CERG-GOV-JD-SECENG-006_Cryptography_Engineer.md) |
| 8 | Pre-production Reviewer | [`CERG-GOV-JD-SECENG-008`](../roles/jf-seceng/CERG-GOV-JD-SECENG-008_Pre-production_Reviewer.md) |

### JF-RISKOPS — Risk Operations

| # | Role | Document |
|---|------|----------|
| 9 | Risk Pillar Leader | [`CERG-GOV-JD-RISKOPS-008`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-008_Risk_Pillar_Leader.md) |
| 10 | Exposure Management Lead | [`CERG-GOV-JD-RISKOPS-001`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-001_Exposure_Management_Lead.md) |
| 11 | Adversarial Testing Lead | [`CERG-GOV-JD-RISKOPS-002`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-002_Adversarial_Testing_Lead.md) |
| 12 | Threat Intelligence Analyst | [`CERG-GOV-JD-RISKOPS-003`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-003_Threat_Intelligence_Analyst.md) |
| 13 | Detection Engineer | [`CERG-GOV-JD-RISKOPS-004`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-004_Detection_Engineer.md) |
| 14 | OT Risk Analyst | [`CERG-GOV-JD-RISKOPS-005`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-005_OT_Risk_Analyst.md) |
| 15 | Identity Risk Analyst | [`CERG-GOV-JD-RISKOPS-006`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-006_Identity_Risk_Analyst.md) |
| 16 | Vendor Risk Analyst | [`CERG-GOV-JD-RISKOPS-007`](../roles/jf-riskops/CERG-GOV-JD-RISKOPS-007_Vendor_Risk_Analyst.md) |

### JF-GOVCOMP — Governance & Compliance

| # | Role | Document |
|---|------|----------|
| 17 | Governance Pillar Leader | [`CERG-GOV-JD-GOVCOMP-007`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-007_Governance_Pillar_Leader.md) |
| 18 | NERC-CIP Compliance Manager | [`CERG-GOV-JD-GOVCOMP-001`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-001_NERC-CIP_Compliance_Manager.md) |
| 19 | CMMC / Federal Compliance Manager | [`CERG-GOV-JD-GOVCOMP-002`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-002_CMMC_Federal_Compliance_Manager.md) |
| 20 | SOX ITGC Lead | [`CERG-GOV-JD-GOVCOMP-003`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-003_SOX_ITGC_Lead.md) |
| 21 | Policy & Standards Manager | [`CERG-GOV-JD-GOVCOMP-004`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-004_Policy_and_Standards_Manager.md) |
| 22 | Risk Register Owner | [`CERG-GOV-JD-GOVCOMP-005`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-005_Risk_Register_Owner.md) |
| 23 | Evidence Librarian | [`CERG-GOV-JD-GOVCOMP-006`](../roles/jf-govcomp/CERG-GOV-JD-GOVCOMP-006_Evidence_Librarian.md) |

### JF-EXEC — Executive Leadership

| # | Role | Document |
|---|------|----------|
| 24 | Chief Information Security Officer (CISO) | [`CERG-GOV-JD-EXEC-001`](../roles/jf-exec/CERG-GOV-JD-EXEC-001_Chief_Information_Security_Officer.md) |
| 25 | Executive Sponsor | [`CERG-GOV-JD-EXEC-002`](../roles/jf-exec/CERG-GOV-JD-EXEC-002_Executive_Sponsor.md) |

### JF-ADJUNCT — Incident Response

| # | Role | Document |
|---|------|----------|
| 26 | Incident Commander | [`CERG-GOV-JD-ADJUNCT-001`](../roles/jf-adjunct/CERG-GOV-JD-ADJUNCT-001_Incident_Commander.md) |
| 27 | Lead Investigator | [`CERG-GOV-JD-ADJUNCT-002`](../roles/jf-adjunct/CERG-GOV-JD-ADJUNCT-002_Lead_Investigator.md) |

---

## 4. Document Control

| Field | Value |
|---|---|
| **Document ID** | CERG-GOV-JD-001 |
| **Version** | 2.0 |
| **Status** | Approved |
| **Effective Date** | 2026-06-11 |
| **Classification** | Public |
| **Owner** | Governance Pillar Leader (Policy & Standards) |
| **Approved By** | CISO |
| **Parent Policy** | [`CERG-POL-001`](CERG-POL-001_Cybersecurity_Policy.md) - Cybersecurity Policy |
| **Review Cycle** | Annual; or upon any change to the canonical role roster |
| **Next Scheduled Review** | 2027-06-11 |
| **Frameworks** | NIST SP 800-181r1 (NICE) |
| **Regulations** | Cross-cutting |
| **Environments** | All CERG-managed workforce |

### Revision History

| **Version** | **Date** | **Author** | **Change Summary** |
|---|---|---|---|
| 1.0 | 2026-05-27 | Cyber Governance | Initial release. Monolithic file with full job descriptions for all 25 canonical CERG roles. |
| 2.0 | 2026-06-11 | Governance Pillar Leader | Restructured as family-level index. Extracted per-role content into standalone documents under `roles/`. Added NICE Work Role mapping, KPI sections, and competency anchor sections to each per-role file. Added NIST SP 800-181r1 (NICE) framework reference. |

### Review Triggers

- Addition or retirement of a canonical role in OM-001 §6.1
- Change to the NICE Work Role mappings in JF-002
- Change to the Job Family structure in JF-001
- Direction from the CISO

Governance owns this document. The Governance Pillar Leader (Policy & Standards) is responsible for initiating reviews, managing the revision cycle, and obtaining approval for all changes.

### Related Documents

| **Document** | **ID** | **Relationship** |
|---|---|---|
| Cybersecurity Policy | [`CERG-POL-001`](CERG-POL-001_Cybersecurity_Policy.md) | Parent policy |
| Job Families Overview | [`CERG-GOV-JF-001`](../roles/CERG-GOV-JF-001_Job_Families_Overview.md) | Family structure and level definitions |
| NICE Crosswalk | [`CERG-GOV-JF-002`](../roles/CERG-GOV-JF-002_NICE_Workforce_Framework_Crosswalk.md) | NICE Work Role mapping |
| CERG Operating Model | [`CERG-GOV-OM-001`](CERG-GOV-OM-001_CERG_Operating_Model.md) | Canonical role roster |
| Job Architecture | [`CERG-GOV-JA-001`](CERG-GOV-JA-001_Job_Architecture_and_Grade_Framework.md) | Grade definitions |
