Cyber Supply Chain Risk Program Lead

Kentro | Woodlawn, MD
4h | $130,000 - $140,000 | Hybrid

About The Position

Kentro is seeking a Cyber Supply Chain Risk Program Lead who is responsible for designing, governing, and continuously improving the Agency’s Cyber Supply Chain Risk Management (CSCRM) continuous monitoring program. This role leads business process development, defines monitoring strategies, oversees escalation paths, and serves as the primary interface with Agency stakeholders.

Requirements

  • Bachelor’s degree and 10 years of experience
  • Experience leading cybersecurity, third-party risk, or supply chain risk programs.
  • Strong background in cybersecurity governance, process development, and stakeholder engagement.
  • Proven ability to develop program plans, workflows, and performance metrics.
  • Must be able to obtain and maintain Public Trust Clearance
  • Must be a US Citizen

Nice To Haves

  • Deep familiarity with NIST SP 800-161 and federal CSCRM practices.
  • Experience supporting federal agencies or large enterprise cybersecurity programs.
  • Experience briefing leadership and government stakeholders.

Responsibilities

  • Develop and maintain the Continuous Monitoring Program Plan, including:
      • Defined roles and responsibilities
      • End-to-end workflows
      • Escalation paths
      • Success metrics
  • Identify Tier 1 vendors for monitoring using Agency-defined criticality criteria.
  • Define cyber risk categories in alignment with NIST SP 800-161, including:
      • Data breaches
      • Ransomware
      • Vulnerabilities
      • Compliance risks
  • Define and justify monitoring frequency for each risk category based on vendor criticality and risk severity.
  • Establish remediation requirements and expectations for vendors based on risk type and severity.
  • Oversee analyst execution of monitoring, reporting, and remediation tracking.
  • Coordinate with:
      • Strategic Sourcing
      • CSCRM teams
      • CORs
      • Program managers
      • Vendor points of contact
  • Lead escalation efforts when vendors fail to remediate identified risks.
  • Ensure alignment between cybersecurity, acquisition, and program stakeholders.
  • Develop and maintain the Continuous Improvement Plan.
  • Review lessons learned and emerging threats to enhance:
      • Monitoring criteria
      • Tool configurations
      • Reporting methods
  • Recommend improvements to processes, tools, and dashboards.

Benefits

  • We offer a competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
  • We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development.
  • Reimbursement amounts may fluctuate due to IRS limitations.
  • We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking.
  • We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
  • We work hard; we play hard.
  • Kentro is committed to incorporating fun into every day.
  • We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
  • In alignment with our commitment to our communities, we also host and attend charity galas/events.
  • We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.