SME SCRM Policy & Compliance Analyst

Leidos•Gaithersburg, VA

About The Position

This Department of War enterprise data and analytics program delivers mission-critical capabilities that enable leaders across the Department to make faster, better-informed decisions using trusted data at scale. Leidos Digital Modernization sector is seeking an experienced SME SCRM Policy & Compliance Analyst to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. In this role, you will work alongside government partners, engineers, and other industry teammates to translate operational and strategic requirements into scalable, production-ready solutions. You will contribute directly to product planning, execution, and continuous improvement— helping ensure capabilities are delivered efficiently, aligned to mission priorities, and positioned for sustained success. This position offers the opportunity to work on a high- visibility, enterprise program at the intersection of data, analytics, and emerging AI technologies. Ideal candidates are motivated by mission impact, comfortable operating in complex stakeholder environments, and interested in building deep domain expertise while delivering capabilities with real-world national security outcomes.

Requirements

Top Secret with SCI eligibility security clearance
Bachelor's degree in a related field such as Information Technology, Cybersecurity, Supply Chain Management, or a related discipline.
Minimum of 3 years of experience in cyber supply chain risk management, cybersecurity compliance, or a related field.
Knowledge of federal and DoD requirements including DFARS 252.204-7012, DoDI 5200.44 , EO 14028, and NIST SP 800-1 6 1.
Experience with developing and maintaining SCRM policies, SOPs, and compliance documentation.
Strong understanding of audit processes and experience in supporting audits and assessments.
Excellent communication and coordination skills to work with contracting, cybersecurity, and acquisition teams.
Certifications in Cybersecurity like Security plus, CISM

Nice To Haves

Active TS/SCI
Master's degree in Information Technology , Cybersecurity, Supply Chain Management, or a related discipline.
Certifications such as CISSP, CISM, or CISA.
Experience with SOC1 audits and preparing SOC1 Reports.
Familiarity with Section 508 compliance requirements for Information and Communication Technology (ICT) products ⁽ ³ ⁾ .
Experience in managing travel and purchasing processes in a multi-tenant stakeholder environment ⁽ ⁴ ⁾ .
Previous experience working with federal or DoD contracts and understanding of the procurement lifecycle.

Responsibilities

Develop, maintain , and govern Supply Chain Risk Management (SCRM) policies, Standard Operating Procedures (SOPs), templates, and documentation to ensure consistent enterprise-wide implementation.
Ensure program compliance with federal and DoD requirements including DFARS 252.204-7012, EO 14028, and NIST SP 800-171.
Maintain and update risk registers, traceability matrices, and compliance documentation to support audits, assessments, and contract reviews.
Coordinate with contracting, cybersecurity, and acquisition teams to ensure supply-chain requirements are integrated into procurement actions and adhered to throughout the vendor lifecycle.
Support the Government in performing all auditing and audit reporting to external independent public auditors in support of an annual SOC1 audit, including preparation of the SOC1 Report.
Prepare and update various compliance and security documents such as Access Control, Audit and Accountability Plan, Backup and Recovery, Change and Configuration Management Plan, and others as needed.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume