OREGON EMPLOYMENT DEPARTMENT - Portland, OR
posted about 2 months ago
As a Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst at Vigor, you will play a crucial role within the Information Security team, directly reporting to the Information Security Director. Your primary responsibility will be to coordinate and conduct evaluations of Supply Chain vendor cyber risk management. This will involve reviewing vendor cybersecurity questionnaire responses and engaging with Supply Chain vendors to assess their cybersecurity posture. You will operate at the enterprise level, ensuring that Supply Chain contractual and regulatory requirements are effectively communicated and adhered to across our multiple companies. In this position, you will be tasked with building a comprehensive program to assist vendors in achieving compliance with NIST 800-171/CMMC standards. This includes providing guidance on industry best practices and monitoring their compliance status under a centralized Supply Chain Risk Management Plan that you will develop, implement, and manage. Your work will be pivotal in safeguarding Controlled Unclassified Information (CUI) and ensuring that our supply chain partners meet the necessary cybersecurity requirements. The role requires a deep understanding of the NIST SP 800-171 / CMMC requirements, and you will be expected to articulate these requirements clearly to vendors. You will also be responsible for documenting vendor responses in the ERP system and providing risk recommendations based on your evaluations. This position is essential for maintaining the integrity and security of our supply chain operations, and you will be a key player in fostering a culture of cybersecurity awareness and compliance within the organization.