Huntington Ingalls Industries - Woodlawn, MD

posted 4 months ago

Full-time - Mid Level
Woodlawn, MD
5,001-10,000 employees
Transportation Equipment Manufacturing

About the position

HII - Mission Technologies is seeking a Senior Cyber Supply Chain Risk Management (C-SCRM) Consultant for a hybrid of telework and work at the client's site in Baltimore (Woodlawn) MD. This position requires experience in supply chain management and risk assessment/mitigation methods along with a strong background in cybersecurity. The candidate selected for this position will support the Director, Division of Strategic Information (DSI), Center for Medicare and Medicaid Services (CMS) and other government personnel. Day-to-day activities include working with other contractors on the C-SCRM line of effort as they pertain to cyber supply chain risk management, especially those related to Information and Communications Technology (ICT) assets. The role involves advising CMS DSI personnel on cybersecurity supply chain risk management policy and standard operating procedures. The consultant will identify all CMS vendors/suppliers who have ICT products/services that connect to or traverse CMS networks, which includes analyzing active contracts lists and reviewing completed Information Security Certification forms. The consultant will also review and evaluate products against known threats, known exploitable vulnerabilities (KEVs), and Common Vulnerabilities and Exposures (CVEs). Additionally, the consultant will develop and maintain processes related to C-SCRM and ICT risk assessments, analyze C-SCRM-related data, and convey the threat level to senior leadership along with recommendations on how to best mitigate risk. The position requires evaluating and monitoring software supplier adherence to Secure Software Development Framework (SSDF) attestations and other cybersecurity contractual requirements, especially for Executive Order defined critical software. The consultant will review and evaluate software supplier SBOMs for supply chain risks and provide cyber-focused risk mitigation recommendations within Supply Chain Risk Assessments. 
Continuous monitoring of prospective and existing supplier cyber hygiene will also be part of the responsibilities, illuminated through third-party due diligence tools or other government tools. The consultant will develop the supplier cyber evaluation portion of the supply chain risk assessment reports and collaborate with CMS' cybersecurity staff to gather and include relevant information into reports. Furthermore, the consultant will assist with the development and implementation of cyber-related supplier risk event/incident responses.

Responsibilities

  • Advise CMS DSI personnel on cybersecurity supply chain risk management policy and standard operating procedures.
  • Identify all CMS vendors/suppliers who have ICT products/services that connect to or traverse CMS networks.
  • Review/evaluate products against known threats, known exploitable vulnerabilities (KEVs), and Common Vulnerabilities and Exposures (CVEs).
  • Develop and maintain processes related to C-SCRM and ICT risk assessments.
  • Analyze C-SCRM-related data and convey the threat level to senior leadership along with a recommendation on how to best mitigate risk.
  • Evaluate and monitor software supplier adherence to Secure Software Development Framework (SSDF) attestations and other cybersecurity contractual requirements.
  • Review and evaluate software supplier SBOMs for supply chain risks, and provide cyber-focused risk mitigation recommendations within Supply Chain Risk Assessments.
  • Review and evaluate existing and prospective suppliers' Service Organization Control (SOC) 2 reports.
  • Review, evaluate, and continuously monitor prospective and existing supplier cyber hygiene, illuminated through 3rd party due diligence tools or other government tools.
  • Develop the supplier cyber evaluation portion of the supply chain risk assessment reports.
  • Collaborate and liaise with CMS' cybersecurity staff to gather relevant information and include it in reports.
  • Identify resources used to conduct or enhance the SCRA assessment and collaborate with the government to obtain access.
  • Contribute to development and evaluation of pre-acquisition vendor/supplier questionnaires.
  • Assist with development and implementation of cyber-related supplier risk event/incident responses.

Requirements

  • 9 years relevant experience with Bachelor's in related field; 7 years relevant experience with Master's in related field; 4 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 13 years relevant experience.
  • Familiarity with cybersecurity practices to integrate cybersecurity and C-SCRM.
  • Knowledge of commercially available C-SCRM tools and proficiency in analyzing ICT products/services and understanding both supply chain risk and cybersecurity frameworks and standards.
  • Good quantitative and analytical skills.
  • Demonstrated ability to use MS Office Suite to include Word, PowerPoint, and Excel.
  • Superior oral and written communication skills.
  • Ability to effectively interact with senior executives from Government and Industry.
  • Ability to create and foster a cooperative work environment.
  • Self-directed and detail-oriented in completing assigned tasks; able to adapt to changing work efforts and manage the impact of shifting priorities.
  • Availability for occasional travel.
  • This position requires an active security clearance at the TS/SCI level.

Nice-to-haves

  • Bachelor's degree in business administration, supply chain management, logistics, cybersecurity, information technology, or related field.
  • 6+ years' experience in supply chain risk with specific focus on cyber supply chain management (C-SCRM).

Benefits

  • Best-in-class medical, dental and vision plan choices
  • Wellness resources
  • Employee assistance programs
  • Savings Plan Options (401(k))
  • Financial planning tools
  • Life insurance
  • Employee discounts
  • Paid holidays and paid time off
  • Tuition reimbursement
  • Early childhood and post-secondary education scholarships