Cybersecurity and Supply Chain Risk Manager

Washington, District of Columbia, United States - Remote

Applications have closed

Avint is seeking a motivated, career- and customer-oriented Cybersecurity and Supply Chain Risk Manager with a current DoD Secret Clearance to join our team in the Reston, VA area to provide unparalleled support to multiple Federal Agencies through DHS Cybersecurity and Infrastructure Security Agency's (CISA) Continuous Diagnostics and Mitigation (CDM) Program. The CDM Program mission is to safeguard and secure cyberspace in an environment where the threat of cyber-attack is continuously growing and evolving. The CDM Program defends the United States (U.S.) Federal Information Technology (IT) networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, and associated services to strengthen the security posture of Government networks. We support the CDM Program by procuring, installing, and operating a variety of cybersecurity capabilities for eleven federal agencies in both classified and unclassified IT operational environments.

Responsibilities:

  • In this role you will serve as a Cybersecurity Supply Chain Risk Management SME supporting a Department of Homeland Security (DHS) Component’s C-SCRM objectives and goals.
  • Prepare, provide, and brief cybersecurity policy support and assist in the process of identifying, assessing, and mitigating the risks associated with IT products and service supply chains.
  • Address additional organizational structuring in Resource Proposals and a Supply Chain Cybersecurity Tactical Plan including considerations with product procurement/acquisitions.
  • Exercise due care and due diligence with suppliers.
  • Perform damage containment and strengthen defenses.
  • Apply principles, methods, and knowledge to meet task requirements.
  • Provide advice and input relating to planning and consideration.
  • Design and prepare reports, studies, and related documentation; make charts and graphs to record results; and prepare and deliver presentations, training, and briefings as required.
  • Support and/or carry out C-SCRM objectives in accordance with applicable standards, including:
    • Establish supply chain risk teams.
    • Identify and document roles and responsibilities.
    • Integrate cybersecurity considerations into system and product life cycles (including procurement/acquisition).
    • Use master requirements lists and SLAs to establish requirements with suppliers.
    • Train key stakeholders in the organization and within the supplier’s organization.
    • Propagate security requirements to suppliers’ sub-suppliers.
    • Use the Criticality Analysis Process Model or a BIA to determine supplier criticality.
    • Terminate supplier relationships with security in mind.
    • Establish visibility into suppliers’ production processes.
    • Mentor and coach suppliers to improve their cybersecurity practices.
    • Include key suppliers in incident recovery, disaster recovery, and continuity plans and tests.
    • Maintain a watch list of suppliers.
    • Establish remediation acceptance criteria for the identified risks.
    • Establish cybersecurity requirements.
    • Establish protocols for vulnerability disclosure and incident notification.
    • Establish protocols for communications with external stakeholders during incidents.
    • Collaborate on lessons learned, and update joint plans based on lessons learned.
    • Use third-party assessments, site visits, and formal certification to assess critical suppliers.
    • Have plans in place for supplied product obsolescence.

Requirements

  • US Citizenship required.
  • Active Secret clearance required.
  • Bachelor’s Degree or equivalent and 7+ years of related work experience in information security and in operational and procurement/acquisition processes.
  • Ability to serve as a subject matter expert, possessing in-depth knowledge of SCRM.
  • Applicable SCRM certification(s) are highly desired and may be a follow-on requirement.
  • Ability to understand, interpret, and explain technical security information.
  • Experience leading the day-to-day execution of SCRM-related efforts, including developing and implementing SCRM plans, assessing supply chain risks, and developing risk mitigation plans and monitoring their effectiveness.
  • Working knowledge of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, and the NIST Cybersecurity Framework.
  • Familiarity with ISO/IEC 27002, Code of practice for information security controls; ISO/IEC 27036-1, Information Security for Supplier Relationships; and ISO/IEC 20243 / O-TTPS, Open Trusted Technology Provider Standard.

Preferred:

  • Strong communication and organization skills.
  • Highly motivated, independent thinker and team player.
  • Ability to work in a fast-paced environment, balancing competing demands and deadlines.
  • Certified Information Systems Security Professional (CISSP) or equivalent certification.

Benefits

Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits, including competitive salaries, full health benefits, a unique 401K plan, and generous PTO and Federal Holidays.

Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development!

Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class.
