
Sr. Supply Chain Risk Management Analyst
WiSC Enterprises, Springfield, VA, United States
Supply Chain Risk Management Analyst
We are seeking a technically proficient Supply Chain Risk Management (SCRM) professional to support U.S. Government stakeholders in identifying, assessing, and mitigating cyber and emerging technology risks across the supply chain.
The C-SCRM Analyst is responsible for identifying, assessing, and mitigating risks associated with the distributed and interconnected nature of Information and Communications Technology and Operational Technology (ICT/OT) product and service supply chains throughout their entire lifecycle. This includes protecting against malicious functionality, counterfeit components, foreign influence, and vulnerabilities derived from poor manufacturing.
This role functions as a technical action officer, supporting government-led discussions with vendors and internal stakeholders. The ideal candidate can interpret complex technical conversations (cybersecurity, AI/ML), validate vendor claims, and translate risks into clear, actionable insights.
Responsibilities
Risk Assessments:
Evaluate vendor and supplier security postures (third-party/fourth-party) using frameworks such as NIST SP 800-161.
Threat Analysis:
Monitor, analyze, and report on supply chain threats (counterfeit, malicious insertion, tampering).
Policy Governance & Compliance:
Lead the development, formal documentation, and maintenance of organizational C-SCRM policies, Standard Operating Procedures (SOPs), and implementation plans; concurrently monitor and enforce policy compliance across the enterprise by conducting systematic audits and risk assessments to ensure alignment with federal mandates such as NIST SP 800-161, DFARS, FAR, and Executive Order requirements.
Acquisition Support:
Integrate C-SCRM controls into procurement documents, RFPs, and contracts, working alongside acquisition teams.
Technical Evaluation:
Perform Software Bill of Materials (SBOM) and Hardware Bill of Materials (HBOM) analysis to identify components and vulnerabilities.
Operationalization:
Develop and maintain C-SCRM policies, procedures, and Standard Operating Procedures (SOPs).
Incident Response:
Support incident response teams when compromised products are identified.
Reporting:
Create and present risk briefing materials, dashboards, and metrics to senior leadership.
Staff Officer:
Track, assign, edit, and close out incoming and outgoing taskers, congressional letters, policy documents, and decision memos.
Required Qualifications
Education & Experience:
Bachelor's degree in Computer Science, Information Systems, Cyber Security, or Supply Chain Management, plus 2-8+ years of experience in cyber risk or supply chain management.
Frameworks:
In-depth knowledge of NIST SP 800-161r1-upd1, NIST Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, and Risk Management Framework (RMF).
Technical Skills:
Experience implementing NIST and/or DoD C-SCRM policies. Familiarity with C-SCRM/Third-Party Risk Management tools such as Exiger and eMAS.
Security Clearance:
TS/SCI with Poly
Desired Qualifications
Certifications:
CISSP, CISM, CRISC, or C-SCRM certification.
Task Management:
Experience with DoD/IC/NGA task management systems (e.g., CATMS, NCERTS).
Domain Expertise:
DoW Cybersecurity Supply Chain Risk Management.
Communications:
Strong written and verbal communication skills.
Professional Standard:
Ability to execute complex workflows under general direction. Comfortable in an independent work environment. Self-directed.