| | |
|---|---|
| **Document ID** | CERG-GOV-JD-GOVCOMP-000 |
| **Version** | 1.0 |
| **Status** | Approved |
| **Classification** | Public |
| **Owner** | Governance Pillar Leader |
| **Parent Policy** | [`CERG-POL-001`](../../governance/CERG-POL-001_Cybersecurity_Policy.md) - Cybersecurity Policy |
| **Review Cycle** | Annual |
| **Frameworks** | NIST SP 800-181r1 (NICE) |
| **Regulations** | Cross-cutting |
| **Environments** | All CERG-managed workforce |

---

## Table of Contents

1. [Family Overview](#1-family-overview)
2. [Roles in This Family](#2-roles-in-this-family)
3. [Family-Level Career Path](#3-family-level-career-path)
4. [Shared Certifications](#4-shared-certifications)
5. [Cross-References](#5-cross-references)
6. [Document Control](#6-document-control)

---

## 1. Family Overview

The Governance & Compliance family (JF-GOVCOMP) owns policy, compliance posture, the risk register, and evidence, and translates regulation into action.

| Attribute | Value |
|-----------|-------|
| **NICE Categories** | OV (Oversee and Govern) |
| **Entry Grade** | S1 |
| **Terminal Grade** | S4/M3 |
| **Career Track** | SME / Dual-track |
| **Number of Roles** | 6 |

This family groups roles that share a core competency profile and career progression path. Members of this family progress through four levels (L1-L4), mapped to CERG's S1-S4/M1-M4 grade framework. See [JF-001](../CERG-GOV-JF-001_Job_Families_Overview.md) for the complete level definitions and progression gates.

---

## 2. Roles in This Family

| Role | Document | Description |
|------|----------|-------------|
| **NERC-CIP Compliance Manager** | [`CERG-GOV-JD-GOVCOMP-001`](CERG-GOV-JD-GOVCOMP-001_NERC-CIP_Compliance_Manager.md) | Owns NERC-CIP compliance: CIP standards adherence, evidence collection, regulatory filings, and audit readiness. |
| **CMMC / Federal Compliance Manager** | [`CERG-GOV-JD-GOVCOMP-002`](CERG-GOV-JD-GOVCOMP-002_CMMC_Federal_Compliance_Manager.md) | Owns CMMC and federal compliance: CUI handling, SSP maintenance, POA&M management, and assessor engagement. |
| **SOX ITGC Lead** | [`CERG-GOV-JD-GOVCOMP-003`](CERG-GOV-JD-GOVCOMP-003_SOX_ITGC_Lead.md) | Owns SOX ITGC compliance: control design, operating effectiveness testing, control evidence, and auditor liaison. |
| **Policy & Standards Manager** | [`CERG-GOV-JD-GOVCOMP-004`](CERG-GOV-JD-GOVCOMP-004_Policy_and_Standards_Manager.md) | Owns the policy and standards library: authoring, maintenance, version control, and cross-reference integrity. |
| **Risk Register Owner** | [`CERG-GOV-JD-GOVCOMP-005`](CERG-GOV-JD-GOVCOMP-005_Risk_Register_Owner.md) | Owns the enterprise risk register: risk identification, scoring, treatment tracking, acceptance, and reporting. |
| **Evidence Librarian** | [`CERG-GOV-JD-GOVCOMP-006`](CERG-GOV-JD-GOVCOMP-006_Evidence_Librarian.md) | Owns the evidence library: collection, validation, freshness monitoring, chain of custody, and audit package assembly. |

---

## 3. Family-Level Career Path

Progression within the Governance & Compliance family follows the standard four-tier structure:

- **L1 (Associate)** → **L2 (Practitioner)** → **L3 (Senior)** → **L4 (Principal)**

See [JF-001 §8](../CERG-GOV-JF-001_Job_Families_Overview.md) for the standard progression gates (L1→L2, L2→L3, L3→L4). See [JF-001 §9](../CERG-GOV-JF-001_Job_Families_Overview.md) for family-specific level definitions.

Cross-family movement is encouraged per the [Family-to-Family Career Lattice](../CERG-GOV-JF-001_Job_Families_Overview.md#4-family-to-family-career-lattice). The Left-Right Knowledge Model ([FRM-001 §9.2](../../governance/CERG-GOV-FRM-001_CERG_Framework.md)) and cross-training expectations ([OM-001 §10.4](../../governance/CERG-GOV-OM-001_CERG_Operating_Model.md)) operationalize this movement.

---

## 4. Shared Certifications

Certifications relevant to the Governance & Compliance family are detailed in [TRN-001](../../governance/CERG-GOV-TRN-001_Training_Development_and_Certification_Framework.md). Each role's certification matrix specifies Required, Recommended, and Aspirational certifications at each grade level. Consult the individual role description for role-specific certification requirements.

---

## 5. Cross-References

| Document | ID | Relevance |
|----------|-----|-----------|
| Job Families Overview | [`CERG-GOV-JF-001`](../CERG-GOV-JF-001_Job_Families_Overview.md) | Family structure, levels, progression gates |
| NICE Crosswalk | [`CERG-GOV-JF-002`](../CERG-GOV-JF-002_NICE_Workforce_Framework_Crosswalk.md) | NICE Work Role mapping for each role |
| Operating Model | [`CERG-GOV-OM-001`](../../governance/CERG-GOV-OM-001_CERG_Operating_Model.md) | Canonical role roster |
| Job Architecture | [`CERG-GOV-JA-001`](../../governance/CERG-GOV-JA-001_Job_Architecture_and_Grade_Framework.md) | Grade definitions |
| Competency Model | [`CERG-GOV-CMP-001`](../../governance/CERG-GOV-CMP-001_Competency_Model_and_Behavioral_Anchors.md) | Behavioral anchors |
| Training Framework | [`CERG-GOV-TRN-001`](../../governance/CERG-GOV-TRN-001_Training_Development_and_Certification_Framework.md) | Certification matrix |

---

## 6. Document Control

| Field | Value |
|---|---|
| **Document ID** | CERG-GOV-JD-GOVCOMP-000 |
| **Version** | 1.0 |
| **Status** | Approved |
| **Effective Date** | 2026-06-11 |
| **Classification** | Public |
| **Owner** | Governance Pillar Leader |
| **Approved By** | CISO |
| **Parent Policy** | [`CERG-POL-001`](../../governance/CERG-POL-001_Cybersecurity_Policy.md) - Cybersecurity Policy |
| **Review Cycle** | Annual |
| **Next Scheduled Review** | 2027-06-11 |
| **Frameworks** | NIST SP 800-181r1 (NICE) |
| **Regulations** | Cross-cutting |
| **Environments** | All CERG-managed workforce |

### Revision History

| **Version** | **Date** | **Author** | **Change Summary** |
|---|---|---|---|
| 1.0 | 2026-06-11 | Governance Pillar Leader | Initial release. Family-level index for Governance & Compliance (JF-GOVCOMP). |

### Review Triggers

- Addition or retirement of a role in this family
- Change to the NICE Work Role mappings for roles in this family
- Revision to the family-level definitions in JF-001
- Direction from the CISO

Governance owns this document. The Governance Pillar Leader (Policy & Standards) is responsible for initiating reviews, managing the revision cycle, and obtaining approval for all changes.

### Related Documents

| **Document** | **ID** | **Relationship** |
|---|---|---|
| Cybersecurity Policy | [`CERG-POL-001`](../../governance/CERG-POL-001_Cybersecurity_Policy.md) | Parent policy |
| Job Families Overview | [`CERG-GOV-JF-001`](../CERG-GOV-JF-001_Job_Families_Overview.md) | Family structure and level definitions |
| NICE Crosswalk | [`CERG-GOV-JF-002`](../CERG-GOV-JF-002_NICE_Workforce_Framework_Crosswalk.md) | NICE Work Role mapping |
