Develop, maintain, and govern Supply Chain Risk Management (SCRM) policies, Standard Operating Procedures (SOPs), templates, and documentation to ensure consistent enterprise-wide implementation
Ensure program compliance with federal and DoD requirements including DFARS 252.204-7012, EO 14028, and NIST SP 800-171
Maintain and update risk registers, traceability matrices, and compliance documentation to support audits, assessments, and contract reviews
Coordinate with contracting, cybersecurity, and acquisition teams to ensure supply-chain requirements are integrated into procurement actions and adhered to throughout the vendor lifecycle
Support the Government in performing all auditing and audit reporting to external independent public auditors in support of an annual SOC1 audit, including preparation of the SOC1 Report
Prepare and update various compliance and security documents such as Access Control, Audit and Accountability Plan, Backup and Recovery, Change and Configuration Management Plan, and others as needed
Requirements
Top Secret with SCI eligibility security clearance
Bachelor's degree in a related field such as Information Technology, Cybersecurity, Supply Chain Management, or a related discipline
Minimum of 3 years of experience in cyber supply chain risk management, cybersecurity compliance, or a related field
Knowledge of federal and DoD requirements including DFARS 252.204-7012, DoDI 5200.44, EO 14028, and NIST SP 800-171
Experience with developing and maintaining SCRM policies, SOPs, and compliance documentation
Strong understanding of audit processes and experience in supporting audits and assessments
Excellent communication and coordination skills to work with contracting, cybersecurity, and acquisition teams
Certifications in cybersecurity such as Security+, CISM