Key skills
Cyber SecurityCLeadershipProject ManagementRisk ManagementZero Trust
About this role
Role Overview
- Identify vulnerabilities, foreign influence, and compliance gaps.
- Monitors program adherence to all applicable supply-chain policies, federal regulations, Executive Orders, and Office of Management and Budget (OMB) memorandums.
- Ensures continuous compliance with National Institute of Standards and Technology (NIST) guidelines and statutory requirements such as the National Defense Authorization Act (NDAA) Section 889 Parts A and B.
- Provides risk findings and mitigation recommendations to leadership to safeguard the integrity, security, and reliability of the supply chain.
- Provide subject matter expertise in DoD Supply Chain Risk Management (SCRM) to implement, expand, and mature an end-to-end SCRM program.
- Support the development and continued refinement/updates of Mission Assurance policy.
- Produce and present briefings of their findings, as well as meeting minutes, after action reports, trip reports, as necessary.
- Support SCRM Commercial Assessments of Networks, Network availability, and germane hardware to protect DoD's mission critical functions.
- Capture specific information from the PMO and submitting that information as a Request for Information (RFI) to the appropriate entity to support SCRM CounterIntelligence (CI) risk management analysis.
- Gather requirements and develop SCRM RFIs.
- Project manage SCRM Threat Analysis Center (TAC) RFI queue (informal inquiries, quick turn reports, formal SCRM TAC RFIs).
- Support the implementation of SCRM processes and policies.
- Support periodic collection of SCRM internal process metrics in accordance with SCRM SOPs/CONOPS.
- Conduct evaluations and prepare reports detailing any potential foreign influence or threats to DoD supply chains.
Requirements
- Top Secret with SCI eligibility security clearance
- Bachelor's Degree and 12+ years of experience; additional relevant experience may be substituted in lieu of degree.
- Knowledge of DoD SCRM standards, including DoDI 5200.44, NIST 800-161, NIST 800-53A
- Demonstrated ability to communicate with senior government customers
- Developing SBOM and HBOM analysis, analyze end-to-end cyber supply chain risks
- Proficient using GRC tools such as eMASS
- Cybersecurity experience
- Project Management fundamentals
- 12 years of related experience
- In-depth analysis of C-SCRM, Zero Trust Capabilities, Infrastructures and Architecture.
- 8+ years of team and/or operational leadership experience.
- 10+ years of experience in USG cyber risk management, assessments and authorization (A&A), and using NIST Special Publications (SP) (e.g.: SP800-30, SP800-37, SP800-53, etc.)
- 10+ years of experience in designing and engineering enterprise IT solutions within the USG using NIST SP (e.g.: SP800-60, SP800-64, SP800-80, SP800-122, SP800-137, SP800-146, SP800-160, SP800-204, SP800-207, SP800-213, etc.)
- Certifications in Cybersecurity like Security plus, CISM
Tech Stack
- Cyber Security
Benefits
- competitive compensation
- Health and Wellness programs
- Income Protection
- Paid Leave
- Retirement