Key skills
Cyber SecurityBIRisk ManagementCommunication
About this role
Role Overview
- Configure and operate third-party cyber supply chain risk monitoring tools to assess Tier 1 vendors and upstream suppliers
- Review and analyze alerts, risk scores, and reports related to: Data breaches, Ransomware exposure, Known vulnerabilities, Compliance issues
- Ensure monitoring frequency aligns with defined risk categories (daily, weekly, monthly)
- Identify high-risk vendors based on monitoring data and established thresholds
- Develop and maintain dashboards highlighting Tier 1 high-risk vendors
- Contribute to bi-weekly status reports with clear summaries of risks, trends, and remediation progress
- Notify vendors when cyber risk scores fall below acceptable thresholds
- Track vendor remediation actions, including: Patch timelines, Vulnerability resolution, Compliance remediation, Incident response actions
- Coordinate with internal teams (CSCRM, Strategic Sourcing, CORs, program managers) to support remediation efforts
- Escalate unresponsive or non-compliant vendors per defined escalation paths
- Use the Agency’s Third-Party Risk Management (TPRM) tool integrations to manage and track continuous monitoring data
- Ensure risk data is accurate, current, and accessible for review and decision-making
Requirements
- Bachelor's and 8 years of experience
- Experience supporting cybersecurity risk management, third-party risk, or supply chain risk activities
- Familiarity with continuous monitoring concepts and cyber risk indicators
- Experience reviewing and analyzing cybersecurity dashboards, alerts, or reports
- Strong documentation and communication skills
- Knowledge of NIST SP 800-161 (Cyber Supply Chain Risk Management) (Preferred)
- Experience working with vendor remediation and stakeholder coordination (Preferred)
- Experience supporting federal IT or cybersecurity programs (Preferred)
- Must be able to obtain and maintain Public Trust Clearance
- Must be a US Citizen
Tech Stack
- Cyber Security
Benefits
- Paid time off
- Healthcare benefits
- 401k including an employer match
- Education reimbursement for certifications, degrees, or professional development
- Corporate events and charity galas