Arctic Slope Regional Corporation - Alexandria, VA
posted 2 months ago
Full-time
Remote - Alexandria, VA
Support Activities for Mining
About the position
The Cybersecurity Supply Chain Risk Management role at ASRC Federal involves overseeing the development and maintenance of a Software Bill of Materials (SBoM) to ensure compliance with cybersecurity standards within the software supply chain. The position requires leading the implementation of the Sonatype SBoM tool, conducting software security scans, and collaborating with various stakeholders to mitigate risks associated with software dependencies and vulnerabilities. The ideal candidate will possess strong expertise in supply chain cybersecurity, vendor management, and risk mitigation strategies.
Responsibilities
- Develop and maintain a comprehensive Software Bill of Materials (SBoM) for the organization.
- Implement and manage the Sonatype SBoM tool, ensuring accurate tracking of software components.
- Perform regular analysis of SBoM scans, ensuring secure integration of software libraries and dependencies.
- Collaborate with legal and compliance teams to ensure open-source software adheres to licensing requirements.
- Lead supply chain risk management efforts, ensuring unauthorized or risky software components are not integrated into systems.
- Work with program owners to guide decisions on software integration and migration, such as transitioning frameworks (e.g., Angular to Spring).
- Develop and maintain a risk register for supply chain risks, identifying critical suppliers and high-risk areas.
- Establish and enforce security controls, policies, and procedures to mitigate supply chain risks.
- Lead efforts to implement risk mitigation strategies, including vendor audits and continuous monitoring.
- Conduct due diligence of suppliers, ensuring adherence to cybersecurity standards and best practices.
- Manage relationships with vendors, focusing on improving supply chain resilience and resolving cybersecurity issues.
- Support audits and maintain documentation related to supply chain cybersecurity compliance.
- Stay informed on the latest regulations and best practices in supply chain cybersecurity and integrate them into organizational processes.
Requirements
- Active secret clearance is required.
- Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field. Equivalent work experience may be considered.
- Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification.
- 8+ years of experience in information technology/cybersecurity operations.
- Experience with supply chain risk management in the context of software development and cybersecurity.
- Familiarity with Sonatype tools and SBoM concepts.
- Strong understanding of open-source software licensing models and compliance.
- Familiarity with supply chain technologies and their potential cybersecurity risks.
- Knowledge of cybersecurity practices, especially in a DoD context.
