TITLE:   Cyber Supply Chain Risk Management (SCRM)

　　LOCATION: Herndon, VA (occasional travel in DC metro area)

　　WORK DETAILS: An agreed upon 8-hour workday during business hours (Monday-Friday between 7:00 am and 7:00 pm) 40-hour work week. Requires in the office 1 day a week (Tuesday) and remaining telework.

　　DUTIES AND RESPONSBILITES:

　　Administer third party supplier inventory information in our Governance Risk & Compliance (GRC) tool (Archer) and ensure it is always complete and up to date

　　Manage suppliers and other configuration information in our third-party risk intelligence tool (Black Kite)

　　Monitor and analyze provider risk information from the risk intelligence tool

　　Collect and review supplier documentation such as questionnaires, independent assessment reports, and other requested information.

　　Monitor suppliers for compliance with security controls and frameworks

　　Perform compliance reviews of suppliers against SI security requirements

　　Coordinate with suppliers and their SI stakeholders to remediate identified risks and maintain risk intelligence tool information

　　Participate in the Technical Review Board for assessment of new suppliers

　　Assist Security Operations Center (SOC) with responding to supplier incidents and breaches

　　Measure and report on supplier risks

　　Develop and maintain SI’s SCRM procedures and policies

　　Plan and perform activities to resolve IG findings related to SCRM.

　　Deliver presentations and collaborate on training content to SI personnel related to SCRM.

　　Provide reports to ITSS and OCIO management based on activities performed.

　　Collaborate and communicate effectively with ITSS team, SI stakeholders, and suppliers. Develop effective working relationships with colleagues and project stakeholders.

　　Respond to and resolve assigned service tickets related to Supply Chain Risk Management

　　REQUIRMENT SKILLS AND ABILITIES:

　　Knowledge and experience with supply chain / third party risk management

　　Broad understanding and experience with cybersecurity concepts, risk management frameworks, and IT system technologies. Understanding of NIST and PCI DSS frameworks preferred.

　　Experience performing risk assessments and compliance reviews.

　　Ability to work directly with suppliers and SI stakeholders to explain and collaborate on resolution of risks. Must be able to influence and build rapport with reluctant participants.

　　Must have a systematic and detail-oriented approach to effectively manage the complex landscape of supply chain security

　　Ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments.

　　Excellent writing, interpersonal and communication skills. Must be able to effectively communicate with a variety of audiences.

　　Ability to work both independently and collaboratively with teams. The contractor must be responsible and capable of working with minimal supervision to effectively achieve the goals stated above, but also work well with others.

　　 Qualifications:

　　Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related field.

　　Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).

　　ADDITIONAL INFORMATION

　　SALARY AND BENEFITS

　　The leadership of our Company believes in attracting and retaining exceptional talent committed to serving our clients. We offer a generous benefits package including health insurance, paid vacation, disability, and life insurance, and more. Please visit our Careers page for additional information. Salary and benefits information will be available to applicants, when and if an offer is made.

　　OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION

　　The leadership of our Company is committed to a work culture of zealous advocacy, respect, diversity and inclusion, client-oriented defense, access to justice and excellent representation. We are dedicated to building a strong professional relationship with each of our clients, to understanding their diverse circumstances, and to meeting their needs. Our ability to achieve these goals depends on the efforts of all of us.

　　HOW TO APPLY

　　All applications must be completed online. We do not accept paper submissions. Please visit our Careers Page to review all current job postings, and instructions on the application process.

　　As an Equal Employment Opportunity (EEO) Employer, Cycurion, Inc. and our Subsidiaries prohibit discriminatory employment actions against and treatment of its employees and applicants for employment based on actual or perceived race or color, size (including bone structure, body size, height, shape, and weight), religion or creed, alienage or citizenship status, sex (including pregnancy), national origin, age, sexual orientation, gender identity (one’s internal deeply-held sense of one’s gender which may be the same or different from one’s sex assigned at birth; one’s gender identity may be male, female, neither or both, e.g., non-binary), gender expression (the representation of gender as expressed through, for example, one’s name, choice of pronouns, clothing, haircut, behavior, voice, or body characteristics; gender expression may not be distinctively male or female and may not conform to traditional gender-based stereotypes assigned to specific gender identities), disability, marital status, relationship and family structure (including domestic partnerships, polyamorous families and individuals, chosen family, platonic co-parents, and multigenerational families), genetic information or predisposing genetic characteristics, military status, domestic violence victim status, arrest or pre-employment conviction record, credit history, unemployment status, caregiver status, salary history, or any other characteristic protected by law.

　　Powered by JazzHR