Cyber Supply Chain Risk Management Analyst
About The Position
As a cyber strategic planning and policy development specialist on our team, you’ll lead the assessment of our client's current SCRM and related policies, the coverage of gaps in those policies, compliance with DoDI 5200.44, and areas of risks. You’ll assess how those policies and related procedures stack up to regulations, best practices, and industry standards. You will work to assess existing and emerging Information and Communications Technology (ICT) SCRM risk by conducting regular supply chain assessments for existing IT assets on the platform and supporting Government procurement efforts by performing SCRM evaluations to support Analysis of Alternatives or other reviews as required. For these assessments, you will research and analyze the origins, backgrounds, and supply chain histories of hardware and software components, and document and deliver SCRM findings to customers or stakeholders, including risk assessments, mitigation strategies, and compliance reports. Work with us as we secure our nation’s critical data and analytic capabilities through strategic cyber policy development.
Requirements
- 5+ years of experience implementing risk management methodologies contained in best practice documentation, such as NIST SP 800-30, SP 800-53, SP 800-128, SP 800-160, SP 800-171, or CIS benchmarks, in support of system security configurations, practices, and oversight.
- 2+ years of experience supporting supply chain risk management functions, including SCRM assessments, policy gap analysis and development, and risk mitigation working in conjunction within a team of cybersecurity professionals.
- Experience with control implementations associated with RMF, DoDI 5200.44, FedRAMP, ICD 503, and DoD Information Levels, including applying them to the design and implementation of IT solutions to achieve system authorizations.
- Experience implementing and maintaining security controls within AWS cloud, containerized, CI/CD pipeline, and agile development environments.
- Experience developing and reviewing ATO authorization packages in Xacta or eMASS.
- Experience with MS Office applications, such as Excel, Word, PowerPoint, or Teams.
- Secret clearance.
- HS diploma or GED.
- Security+ certification.
Nice To Haves
- Experience with DOW acquisition and procurement policies and procedures.
- Experience with enterprise cross-domain solutions.
- Knowledge of IT supply chain.
- Ability to write clearly and analytically.
- Ability to work independently or in teams.
- Top Secret clearance.
- Associate's degree preferred; Bachelor's degree a plus.
Responsibilities
- Lead the assessment of current SCRM and related policies.
- Identify and address policy gaps.
- Ensure compliance with DoDI 5200.44.
- Assess areas of risk within SCRM policies and procedures.
- Evaluate policies and procedures against regulations, best practices, and industry standards.
- Assess existing and emerging Information and Communications Technology (ICT) SCRM risk.
- Conduct regular supply chain assessments for existing IT assets.
- Support Government procurement efforts by performing SCRM evaluations.
- Research and analyze the origins, backgrounds, and supply chain histories of hardware and software components.
- Document and deliver SCRM findings, including risk assessments, mitigation strategies, and compliance reports.
Benefits
- health, life, disability, financial, and retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
- recognition awards program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
High school or GED
