Senior Cybersecurity Supply Chain Risk Management (SCRM) Analyst Job at Network
Network Designs, Washington DC, Washington DC, US
About NDi: Network Designs, Inc. (NDi) is a leading Federal contractor that specializes in designing, developing, and delivering information technology and network solutions for government customers. Founded in 1985, NDi's firmly defined core values have driven all aspects of the business, which have been paramount to our company's success and the establishment of an enjoyable workplace atmosphere. At NDi, we believe that our people are the cornerstone of our success, and we value collaboration, career growth, and winning ideas. Military Veterans Encouraged to Apply. Job Description: The Senior Cybersecurity Supply Chain Risk Management (SCRM) Analyst supports the Agency's Office of the Chief Information Officer (OCIO) by managing cybersecurity risks associated with the Agency's complex, globally distributed, and interconnected supply chain ecosystem for information, communications, and operational technology (ICT/OT). This role ensures that ICT/OT products and services meet security, integrity, and resilience standards throughout their lifecycle. The position involves analyzing procurement documentation, assessing supplier risk, and supporting tiered determinations that inform procurement or redirection of assets. Requirements:
- U.S. Citizenship is required
- Must possess an active TS clearance at the time of application, be willing and able to obtain SCI access, and pass a CI polygraph.
- This position is onsite 5/days a week in Washington D.C.
- Bachelor's degree from an accredited institution in computer science, business management, or an IT-related discipline
- 8+ years of experience in cybersecurity, risk management, or supply chain analysis. Equivalent combinations of experience, certifications, or demonstrated prior work may substitute for formal experience
- Certifications: Network+ and Security+ or equivalent IT certifications (preferred)
- Provide analytical support to identify, assess, and mitigate cybersecurity risks of supply chain compromise-both intentional and unintentional.
- Evaluate and manage risks associated with the distributed and interconnected nature of ICT/OT product and service supply chains.
- Ensure the integrity, security, quality, and resilience of the supply chain and its products and services.
- Develop detailed technical vulnerability reports for ICT products and "as-a-service" procurements.
- Identify areas where existing security policies and procedures require updates or where new ones should be developed, particularly in support of business expansion.
- Provide subject matter expertise on information security to technology teams and enterprise projects.
- Contribute to the creation of security architecture standards for the adoption of new technologies.
- Identify, quantify, and recommend mitigation actions for security risks impacting enterprise projects.
- Produce management reporting, including metrics and analyses that inform senior leadership about the state of supply chain risk and information security posture.
- Maintain awareness of industry trends, cost drivers, and business factors influencing the Agency's information security and supply chain programs.