OREGON EMPLOYMENT DEPARTMENT - Portland, OR

posted about 2 months ago

Full-time - Mid Level
Portland, OR
1,001-5,000 employees

About the position

As a Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst at Vigor, you will play a crucial role within the Information Security team, directly reporting to the Information Security Director. Your primary responsibility will be to coordinate and conduct evaluations of Supply Chain vendor cyber risk management. This will involve reviewing vendor cybersecurity questionnaire responses and engaging with Supply Chain vendors to assess their cybersecurity posture. You will operate at the enterprise level, ensuring that Supply Chain contractual and regulatory requirements are effectively communicated and adhered to across our multiple companies.

In this position, you will be tasked with building a comprehensive program to assist vendors in achieving compliance with NIST 800-171/CMMC standards. This includes providing guidance on industry best practices and monitoring their compliance status under a centralized Supply Chain Risk Management Plan that you will develop, implement, and manage. Your work will be pivotal in safeguarding Controlled Unclassified Information (CUI) and ensuring that our supply chain partners meet the necessary cybersecurity requirements.

The role requires a deep understanding of the NIST SP 800-171 / CMMC requirements, and you will be expected to articulate these requirements clearly to vendors. You will also be responsible for documenting vendor responses in the ERP system and providing risk recommendations based on your evaluations. This position is essential for maintaining the integrity and security of our supply chain operations, and you will be a key player in fostering a culture of cybersecurity awareness and compliance within the organization.

Responsibilities

  • Coordinate the review of vendor cybersecurity questionnaire responses.
  • Conduct vendor interviews to identify posture and progress in relation to NIST SP 800-171 / CMMC compliance.
  • Document responses in the ERP system and provide risk recommendations related to the sharing of Controlled Unclassified Information (CUI).
  • Develop and implement the program to support supply chain vendors needing assistance with compliance.
  • Develop and manage the Supply Chain Risk Management Plan in accordance with NIST SP 800-171r3 regulatory requirements.

Requirements

  • At least 5 years of experience in cybersecurity or a related field.
  • Bachelor's degree in a relevant discipline.
  • Strong understanding of NIST SP 800-171 / CMMC requirements.

Nice-to-haves

  • Experience with vendor risk management processes.
  • Familiarity with ERP systems and documentation practices.
  • Knowledge of industry best practices for cybersecurity compliance.

Benefits

  • Competitive salary ranging from $95,000 to $105,000 per year depending on experience.
  • Equal employment opportunities without discrimination.
  • Supportive work culture that values employees and community.