Senior Cyber-Supply Chain Risk Management Specialist

About The Position

Requirements

• 10+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery
• 5+ years of experience with cybersecurity and regulatory frameworks including NIST 800-53, NIST 800-171, CMMC, ISO, GDPR, ITAR or similar frameworks
• 5+ years of experience with developing and managing governance and/or leading process improvement
• 3+ years of experience supporting internal and external audits, customer RFIs, certifications, and assessment programs; proven ability to prepare evidence packages and present to auditors/customers
• 3+ years of experience with Governance, Risk and Compliance (GRC), Information Technology (IT) Audit, Information Security, Vulnerability Management, and Compliance

Nice To Haves

• Experience with managing multiple concurrent activities and drive cross-functional coordination to closure
• Experience with emerging standards relevant to aerospace/airworthiness and supply chain (e.g., EASA Part IS) and the ability to interpret applicability to C-SCRM programs
• Experience with written and verbal communication skills; ability to translate technical control evidence into clear audit narratives and stakeholder briefings
• Experience with vendor/supplier risk management processes and tools; familiarity with continuous monitoring and threat intelligence feeds as applied to supply chain risk
• Experience with aerospace, defense, or other highly regulated industries
• Experience with automated evidence collection tools, GRC platforms, or supply chain risk monitoring tools
• Experience with securing software supply chain practices
• Experience with supplier security contract language and operationalizing contractual obligations into workstreams
• Certifications such as CISSP, CISM, CISA, or equivalent

Responsibilities

• Maintain and evolve the enterprise C-SCRM control framework and requirements to ensure alignment with corporate risk strategy, regulatory requirements, and industry best practices (including emerging frameworks)
• Lead control implementation verification and evidence collection for internal and external audits, assessments, and certification efforts (Customer Request For Information (RFIs), supplier attestations, and third-party assessments)
• Develop and maintain critical program governance documentation to operationalize the C-SCRM lifecycle across internal and external requirements
• Coordinate with procurement, legal, engineering, compliance, security, and supply chain teams to operationalize C-SCRM controls across the supplier lifecycle
• Support mapping and traceability of policies/controls to the organization’s control frameworks and to external standards and assessment frameworks
• Prepare and present evidence packages and narratives for audit, certification, and customer-facing activities; own remediation tracking and closure
• Participate in supplier risk assessments, continuous monitoring activities, and incident/issue management across the supplier ecosystem
• Drive integration of C-SCRM controls into Governance, Risk and Compliance (GRC) processes and platforms—especially issue management and remediation workflows
• Provide subject-matter guidance on secure software supply chain practices (e.g., Software Bill of Materials (SBOMs), and build/release controls) and supplier software assurance expectations

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid time away from work
• unpaid time away from work