×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security Information Security

Supply Chain Risk Management Lead Security Clearance

Job in Fairfax, Fairfax County, Virginia, 22031, USA
Listing for: ECS
Full Time position
Listed on 2026-06-09
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security
Job Description & How to Apply Below
Position: Supply Chain Risk Management Lead with Security Clearance
Job Description Everforth ECS is seeking a Supply Chain Risk Management Lead to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax .

Please Note:

This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational war fighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

• The Supply Chain Risk Management (SCRM) Lead SME serves as the senior enterprise authority for software and vendor supply chain risk governance across the WDP Core Integration program, directing the full lifecycle of third-party risk identification, assessment, mitigation, and reporting across NIPRNet, SIPRNet, and JWICS environments in compliance with DoW SCRM policy, Risk Management Framework requirements, and federal cybersecurity mandates.

In this role, the specialist integrates automated supply chain risk tooling, Software Bill of Materials governance, vendor security assessment programs, and threat intelligence monitoring to reduce WDP exposure to supply chain-based attacks and sustain authoritative, audit-ready risk transparency for Authorizing Officials, program leadership, and Government oversight personnel.

• Leads enterprise Supply Chain Risk Management activities supporting Department of War information systems across unclassified and classified environments.

• Designs and executes supply chain risk governance frameworks addressing third-party vendors, commercial software, open-source components, and external service providers throughout the system lifecycle.

• Directs vendor security assessments evaluating cybersecurity posture, access controls, data handling practices, and compliance with federal and DoW requirements.

• Oversees software supply chain reviews including component provenance analysis, dependency mapping, and Software Bill of Materials validation to identify exposure to compromised or high-risk suppliers.

• Coordinates closely with contracting officers, acquisition teams, legal advisors, and system owners to integrate security requirements into procurement actions, vendor onboarding, and contract modifications.

• Maintains risk registers documenting third-party threats, mitigation strategies, residual risk, and acceptance decisions supporting Risk Management Framework activities.

• Provides advisory support to Authorizing Officials, Senior Information Security Officers, and program leadership on supply chain risk posture and emerging threat vectors.

• Monitors threat intelligence, Government advisories, and industry reporting related to supply chain compromise to inform proactive mitigation actions.

• Produces supply chain risk assessments, vendor security reports, and executive briefings supporting authorization decisions and continuous monitoring.

• Drives consistent risk transparency, lifecycle accountability, and mission resilience by reducing exposure to supply chain-based attacks and strengthening trust in system dependencies.

• Performs other duties as assigned. Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).

• 15 or more years of progressive experience in cybersecurity, with demonstrated specialization in Supply Chain Risk Management, vendor risk governance, or software assurance programs supporting large-scale federal or defense information systems.

• Active DoW/DoD IAM Level I baseline certification, satisfied by one of the following:
CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.

• Demonstrated experience designing and operating enterprise SCRM governance frameworks that address third-party software components - including COTS, GOTS, and open-source AI technologies - through automated vulnerability detection and scanning, component…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search