
Sr. Supply Chain Risk Management Analyst

Job in Springfield, Fairfax County, Virginia, 22161, USA
Listing for: WISC Enterprises, LLC
Full Time position
Listed on 2026-06-04
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

Overview

We are seeking a technically proficient Cyber Supply Chain Risk Management (C-SCRM) professional to support U.S. Government stakeholders. The C-SCRM Analyst is responsible for identifying, assessing, and mitigating risks associated with the distributed and interconnected nature of Information and Communications Technology and Operational Technology (ICT/OT) product and service supply chains throughout their entire lifecycle. This includes protecting against malicious functionality, counterfeit components, foreign influence, and vulnerabilities derived from poor manufacturing.

Responsibilities
  • Risk Assessments: Evaluate vendor and supplier security postures (third-party/fourth-party) using frameworks such as NIST SP 800-161.
  • Threat Analysis: Monitor, analyze, and report on supply chain threats (counterfeit, malicious insertion, tampering).
  • Policy Governance & Compliance: Lead the development, formal documentation, and maintenance of organizational C-SCRM policies, Standard Operating Procedures (SOPs), and implementation plans; concurrently monitor and enforce policy compliance across the enterprise by conducting systematic audits and risk assessments to ensure alignment with federal mandates such as NIST SP 800-161, DFARS, FAR, and Executive Order requirements.
  • Acquisition Support: Integrate C-SCRM controls into procurement documents, RFPs, and contracts, working alongside acquisition teams.
  • Technical Evaluation: Perform Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) analysis to identify components and vulnerabilities.
  • Operationalization: Develop and maintain C-SCRM policies, procedures, and Standard Operating Procedures (SOPs).
  • Incident Response: Support incident response teams when compromised products are identified.
  • Reporting: Create and present risk briefing materials, dashboards, and metrics to senior leadership.
Required Qualifications
  • Education & Experience: Bachelor's degree in Computer Science, Information Systems, Cyber Security, or Supply Chain Management, plus 2-8+ years of experience in cyber risk or supply chain management.
  • Frameworks: In-depth knowledge of NIST SP 800-161r1-upd1, NIST Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, and Risk Management Framework (RMF).
  • Technical Skills: Experience implementing NIST and/or DoD C-SCRM policies. Familiarity with C-SCRM/Third-Party Risk Management tools such as Exiger and eMAS.
  • Security clearance: TS/SCI with Poly
Desired Qualifications
  • Certifications: CISSP, CISM, CRISC, or C-SCRM certification.
  • Task Management: Experience with DoD/IC/NGA task management system (e.g., CATMS, NCERTS)
  • Domain Expertise: DoW Cybersecurity Supply Chain Risk Management.
  • Communications: Strong written and verbal communication skills
  • Professional Standard: Ability to execute complex workflows under general direction. Comfortable in an independent work environment. Self-directed.