Jr. SCRM Assessor

About The Position

Requirements

• US Citizenship
• Familiarity in corporate structure and understanding of risk management, compliance, procurement, or related areas
• Demonstrated willingness to learn and adaptability in a collaborative environment
• Knowledge of federal security frameworks and standards including NIST 800-53, NIST 800-161, NIST 800-171, FedRAMP, and the NIST Cybersecurity Framework
• Ability to understand, interpret, and explain technical security information and processes.
• Proficiency with Microsoft Office suite
• Experience in SCRM

Nice To Haves

• Experience with ProcessUnity or similar risk management platforms
• Knowledge of supplier management or procurement processes
• Knowledge of Cybersecurity Maturity Model Certification (CMMC)
• Certified Information Systems Security Professional (CISSP) or equivalent certification
• Familiarity with ISO/IEC 27002: Code of practice for information security controls; ISO/IEC 27036-1, Information Security for Supplier Relationships; ISO/IEC 20243 / O-TTPS, Open Trusted Technology Provider Standard

Responsibilities

• Review and validate vendor responses to detailed assessment questionnaires within our risk management tool, identifying failed controls, adding comments, and ensuring accuracy and completeness
• Monitor risk assessment workflows and follow up on outstanding assessments
• Analyze risk assessment results to identify potential areas of concern
• Review documentation attached as evidence by the vendor
• Prepare regular reports on risk assessment status and findings for leadership review
• Collaborate with corporate functions stakeholders on risk domain assessments to gather all necessary information to make final risk determination
• Help identify improvement opportunities in the risk management process
• Participate in training sessions for internal teams on risk assessment procedures