Key skills
Cyber SecurityCLeadershipProject ManagementRisk ManagementCommunicationZero Trust
About this role
Role Overview
- Identify vulnerabilities, foreign influence, and compliance gaps
- Monitors program adherence to all applicable supply-chain policies, federal regulations, Executive Orders, and Office of Management and Budget (OMB) memorandums
- Ensures continuous compliance with National Institute of Standards and Technology (NIST) guidelines and statutory requirements such as the National Defense Authorization Act (NDAA) Section 889 Parts A and B
- Provides risk findings and mitigation recommendations to leadership to safeguard the integrity, security, and reliability of the supply chain
- Provide subject matter expertise in DoD Supply Chain Risk Management (SCRM) to implement, expand, and mature an end-to-end SCRM program
- Support the development and continued refinement/updates of Mission Assurance policy
- Produce and present briefings of their findings, as well as meeting minutes, after action reports, trip reports, as necessary
- Support SCRM Commercial Assessments of Networks, Network availability, and germane hardware to protect DoD's mission critical functions
- Capture specific information from the PMO and submitting that information as a Request for Information (RFI) to the appropriate entity to support SCRM CounterIntelligence (CI) risk management analysis
- Gather requirements and develop SCRM RFIs
- Project manage SCRM Threat Analysis Center (TAC) RFI queue (informal inquiries, quick turn reports, formal SCRM TAC RFIs)
- Support the implementation of SCRM processes and policies
- Support periodic collection of SCRM internal process metrics in accordance with SCRM SOPs/CONOPS
- Support the implementation of the SCRM program strategy SCRM training, SCRM procedures, and other support related to supply chain risk management
- Conduct evaluations and prepare reports detailing any potential foreign influence or threats to DoD supply chains
- Risk assessment products shall be prepared in accordance with guidance from the Government Program lead, in accordance with SCRM Standard Operating Procedures (SOPs) and Concept of Operations (CONOPS)
- Maintain active lines of communication with MA/SCRM Liaison at the Government
- Integrate with ConMon dashboard to ensure visibility of FOCI, SBOM and attestations
Requirements
- Top Secret with SCI eligibility security clearance
- Bachelor's Degree and 12+ years of experience; additional relevant experience may be substituted in lieu of degree
- Knowledge of DoD SCRM standards, including DoDI 5200.44, NIST 800-161, NIST 800-53A
- Demonstrated ability to communicate with senior government customers and the ability to influence within multiple levels of the organization
- Developing SBOM and HBOM analysis, analyze end-to-end cyber supply chain risks
- Proficient using GRC tools such as eMASS
- Cybersecurity experience
- Project Management fundamentals
- In-depth analysis of C-SCRM, Zero Trust Capabilities, Infrastructures and Architecture
- 8+ years of team and/or operational leadership experience
- 10+ years of experience in USG cyber risk management, assessments and authorization (A&A), and using NIST Special Publications (SP) (e.g.: SP800-30, SP800-37, SP800-53, etc.)
- 10+ years of experience in designing and engineering enterprise IT solutions within the USG using NIST SP (e.g.: SP800-60, SP800-64, SP800-80, SP800-122, SP800-137, SP800-146, SP800-160, SP800-204, SP800-207, SP800-213, etc.)
- Certifications in Cybersecurity like Security plus, CISM
Tech Stack
- Cyber Security
Benefits
- Health and Wellness programs
- Income Protection
- Paid Leave
- Retirement