Job Requirements
Springfield, VA
Top Secret/SCI Polygraph
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Overview
We are seeking a technically proficient Cyber Supply Chain Risk Management (C-SCRM) professional to support U.S. Government stakeholders. The C-SCRM Analyst is responsible for identifying, assessing, and mitigating risks associated with the distributed and interconnected nature of Information and Communications Technology and Operational Technology (ICT/OT) product and service supply chains throughout their entire lifecycle. This includes protecting against malicious functionality, counterfeit components, foreign influence, and vulnerabilities derived from poor manufacturing.
Responsibilities
Required Qualifications
Desired Qualifications
We are seeking a technically proficient Cyber Supply Chain Risk Management (C-SCRM) professional to support U.S. Government stakeholders. The C-SCRM Analyst is responsible for identifying, assessing, and mitigating risks associated with the distributed and interconnected nature of Information and Communications Technology and Operational Technology (ICT/OT) product and service supply chains throughout their entire lifecycle. This includes protecting against malicious functionality, counterfeit components, foreign influence, and vulnerabilities derived from poor manufacturing.
Responsibilities
- Risk Assessments: Evaluate vendor and supplier security postures (third-party/fourth-party) using frameworks such as NIST SP 800-161.
- Threat Analysis: Monitor, analyze, and report on supply chain threats (counterfeit, malicious insertion, Tampering).
- Policy Governance & Compliance: Lead the development, formal documentation, and maintenance of organizational C-SCRM policies, Standard Operating Procedures (SOPs), and implementation plans; concurrently monitor and enforce policy compliance across the enterprise by conducting systematic audits and risk assessments to ensure alignment with federal mandates such as NIST SP 800-161, DFARS , FAR, and Executive Order requirements.
- Acquisition Support: Integrate C-SCRM controls into procurement documents, RFPs, and contracts, working alongside acquisition teams.
- Technical Evaluation: Perform Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) analysis to identify components and vulnerabilities.
- Operationalization: Develop and maintain C-SCRM policies, procedures, and Standard Operating Procedures (SOPs).
- Incident Response: Support incident response teams when compromised products are identified.
- Reporting: Create and present risk briefing materials, dashboards, and metrics to senior leadership.
Required Qualifications
- Education & Experience: Bachelor's degree in Computer Science, Information Systems, Cyber Security, or Supply Chain Management, plus 2-8+ years of experience in cyber risk or supply chain management.
- Frameworks: In-depth knowledge of NIST SP 800-161r1-upd1, NIST Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, and Risk Management Framework (RMF).
- Technical Skills: Experience implementing NIST and/or DoD C-SCRM policies. Familiarity with C-SCRM/Third-Party Risk Management tools such as Exiger and eMAS
- Security clearance: TS/SCI with Poly
Desired Qualifications
- Certifications: CISSP, CISM, CRISC, or C-SCRM certification.
- Task Management: Experience with DoD/IC/NGA task management system (e.g. CATMS, NCERTS)
- Domain Expertise: DoW Cybersecurity Supply Chain Risk Management.
- Communications: Strong written and verbal communication skills
- Professional Standard: Ability to execute complex workflows under general direction. Comfortable in an independent work environment. Self-directed.
group id: 10367582
