Cyber Supply Chain Risk Management Subject Matter Expert

Koniag Government Services, LLC•Washington, DC

1d•Onsite

About The Position

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Cyber Supply Chain Risk Management Subject Matter Expert to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust. Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Cybersecurity Supply Chain Risk Management (C-SCRM) Subject Matter Expert to support critical risk management operations. Working under the direction of the Department's Risk Management Branch, the ideal candidate will provide expert guidance and execute comprehensive C-SCRM processes for multiple agencies and offices. This position requires a security-minded professional with deep knowledge of supply chain vulnerabilities, federal compliance frameworks, and risk assessment methodologies. The successful candidate will play a pivotal role in protecting the Department's information systems and supply chains from evolving cyber threats.

Requirements

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or related field from an accredited college or university
8+ years of experience in cybersecurity, with at least 4 years focused on supply chain risk management
Experience working in federal government environments or supporting federal agencies
Demonstrated experience conducting supply chain risk assessments
Hands-on experience with supply chain risk management tools such as Exiger
Knowledge of federal acquisition processes and procurement regulations
Ability to obtain a public trust
Expert knowledge of C-SCRM frameworks including NIST SP 800-161, NIST Cybersecurity Framework, and ISO 28000 series
Strong understanding of FISMA, FedRAMP, CMMC, and other federal compliance requirements
Proficiency in conducting risk assessments using NIST SP 800-30 and similar methodologies
Demonstrated ability to use supply chain risk management platforms such as Exiger for vendor risk assessment, due diligence, and continuous monitoring
Knowledge of software and hardware supply chain vulnerabilities, including counterfeit components, malicious insertions, and tampering
Understanding of secure software development lifecycle (SSDLC) and DevSecOps principles
Familiarity with threat intelligence sources and supply chain threat landscapes
Experience with vulnerability management tools and security assessment platforms
Strong analytical and critical thinking skills with attention to detail
Excellent written and verbal communication skills, including ability to present complex technical concepts to non-technical audiences
Ability to work independently and manage multiple concurrent projects
Proficiency with Microsoft Office Suite and collaboration tools
Strong interpersonal skills and ability to build relationships across organizational boundaries
Knowledge of contract language and security requirements documentation
Understanding of open-source software risks and software bill of materials (SBOM) concepts

Nice To Haves

Master's degree in related field
Active Top Secret clearance
Experience supporting Department-level risk management programs
Professional certifications such as CISSP, CISM, CRISC, or C-SCRM certification
Experience with Government Risk and Compliance (GRC) platforms
Experience with additional third-party risk management tools (e.g., Black Kite, BitSight, SecurityScorecard, RiskRecon)
Knowledge of zero-trust architecture principles
Familiarity with artificial intelligence and machine learning supply chain risks
Experience with cloud service provider security assessments
Understanding of hardware root of trust and secure boot technologies
Knowledge of critical infrastructure protection requirements
Experience developing security architecture documentation
Familiarity with Insider Threat programs
Background in intelligence analysis or counterintelligence
Experience supporting security authorization processes (ATO/ATOs)
Knowledge of Section 508 compliance requirements
Previous experience as a technical advisor

Responsibilities

Develop, implement, and maintain comprehensive C-SCRM programs and processes in alignment with NIST, FISMA, and other federal cybersecurity frameworks
Conduct supply chain risk assessments for information and communications technology (ICT) products, systems, and services
Identify, analyze, and document supply chain vulnerabilities, threats, and risk exposure across the technology lifecycle
Evaluate vendor and supplier security postures, including third-party and fourth-party risk assessments
Utilize supply chain risk management platforms such as Exiger to conduct vendor assessments and continuous monitoring
Review and assess security requirements in procurement documentation and contracts
Collaborate with acquisition teams to integrate C-SCRM controls into the procurement process
Develop risk mitigation strategies and recommendations for identified supply chain vulnerabilities
Create and maintain C-SCRM policies, procedures, standards, and guidelines
Monitor emerging supply chain threats and vulnerabilities, providing threat intelligence briefings to stakeholders
Coordinate with agency and office leadership to communicate risk findings and recommendations
Track and report on C-SCRM metrics and key performance indicators
Provide training and guidance to agency personnel on C-SCRM best practices
Support incident response activities related to supply chain compromises
Maintain documentation of all C-SCRM activities, assessments, and decisions
Interface with external partners, including CISA, FBI, and industry groups on supply chain security matters