Cyber Supply Chain Risk Analyst

Kentro | Woodlawn, MD
4h | $94,000 - $103,000 | Hybrid

About The Position

Thank you for considering IT Concepts dba Kentro, where innovation drives opportunity and collaboration leads to success. Our dynamic community of experts is fully committed to advancing our customers' missions, fostering professional growth, and making a positive impact on our communities. By joining our supportive community, you will find that Kentro is dedicated to your personal and professional development. Together, we can drive meaningful change, spark innovation, and achieve extraordinary milestones.

Kentro is hiring a Cyber Supply Chain Risk Analyst to support the Agency’s Cybersecurity Supply Chain Risk Management (CSCRM) mission by executing continuous monitoring activities for Tier 1 vendors and upstream suppliers. This role is responsible for operating third-party risk monitoring tools, analyzing cyber risk indicators, coordinating vendor remediation, and producing actionable dashboards and reports.

Requirements

  • Bachelor's degree and 8 years of experience
  • Experience supporting cybersecurity risk management, third-party risk, or supply chain risk activities.
  • Familiarity with continuous monitoring concepts and cyber risk indicators.
  • Experience reviewing and analyzing cybersecurity dashboards, alerts, or reports.
  • Strong documentation and communication skills.
  • Must be able to obtain and maintain Public Trust Clearance
  • Must be a US Citizen

Nice To Haves

  • Knowledge of NIST SP 800-161 (Cyber Supply Chain Risk Management).
  • Experience working with vendor remediation and stakeholder coordination.
  • Experience supporting federal IT or cybersecurity programs.

Responsibilities

  • Continuous Monitoring Operations: Configure and operate third-party cyber supply chain risk monitoring tools to assess Tier 1 vendors and upstream suppliers. Review and analyze alerts, risk scores, and reports related to data breaches, ransomware exposure, known vulnerabilities, and compliance issues. Ensure monitoring frequency aligns with defined risk categories (daily, weekly, monthly).
  • Risk Analysis & Reporting: Identify high-risk vendors based on monitoring data and established thresholds. Develop and maintain dashboards highlighting Tier 1 high-risk vendors. Contribute to bi-weekly status reports with clear summaries of risks, trends, and remediation progress.
  • Vendor Risk Remediation: Notify vendors when cyber risk scores fall below acceptable thresholds. Track vendor remediation actions, including patch timelines, vulnerability resolution, compliance remediation, and incident response actions. Coordinate with internal teams (CSCRM, Strategic Sourcing, CORs, program managers) to support remediation efforts. Escalate unresponsive or non-compliant vendors per defined escalation paths.
  • Tool Integration & Data Management: Use the Agency’s Third-Party Risk Management (TPRM) tool integrations to manage and track continuous monitoring data. Ensure risk data is accurate, current, and accessible for review and decision-making.

Benefits

  • We offer a competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
  • We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development.
  • Reimbursement amounts may fluctuate due to IRS limitations.
  • We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or pursue other professional growth and networking.
  • We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
  • We work hard; we play hard.
  • Kentro is committed to incorporating fun into every day.
  • We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
  • In alignment with our commitment to our communities, we also host and attend charity galas/events.
  • We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.