Koniag Data Solutions LLC, a Koniag Government Services company, is seeking a Cyber Supply Chain Risk Management Subject Matter Expert to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off and Data Solutions, a Koniag Government Services company, is seeking an experienced Cybersecurity Supply Chain Risk Management (C-SCRM) Subject Matter Expert to support critical risk management operations. Working under the direction of the Department's Risk Management Branch, the ideal candidate will provide expert guidance and execute comprehensive C-SCRM processes for multiple agencies and offices. This position requires a security-minded professional with deep knowledge of supply chain vulnerabilities, federal compliance frameworks and risk assessment methodologies. The successful candidate will play a pivotal role in protecting the Department's information systems and supply chains from evolving cyber Functions, Responsibilities & Duties may include but are not limited to:

The Cybersecurity Supply Chain Risk Management Subject Matter Expert will lead and execute C-SCRM activities across the Department's agencies and offices.

Principal responsibilities will include but are not limited to:

- Develop, implement and maintain comprehensive C-SCRM programs and processes in alignment with NIST, FISMA and other federal cybersecurity frameworks
- Conduct supply chain risk assessments for information and communications technology (ICT) products, systems and services
- Identify, analyze and document supply chain vulnerabilities, threats and risk exposure across the technology lifecycle
- Evaluate vendor and supplier security postures, including third-party and fourth-party risk assessments
- Utilize supply chain risk management platforms such as Exiger to conduct vendor assessments and continuous monitoring
- Review and assess security requirements in procurement documentation and contracts
- Collaborate with acquisition teams to integrate C-SCRM controls into the procurement process
- Develop risk mitigation strategies and recommendations for identified supply chain vulnerabilities
- Create and maintain C-SCRM policies, procedures, standards and guidelines
- Monitor emerging supply chain threats and vulnerabilities, providing threat intelligence briefings to stakeholders
- Coordinate with agency and office leadership to communicate risk findings and recommendations
- Track and report on C-SCRM metrics and key performance indicators
- Provide training and guidance to agency personnel on C-SCRM best practices
- Support incident response activities related to supply chain compromises
- Maintain documentation of all C-SCRM activities, assessments and decisions
- Interface with external partners including CISA, FBI and industry groups on supply chain security matters

Education and Experience:

Required:

- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management or related field from an accredited college or university
- 8 years of experience in cybersecurity with at least 4 years focused on supply chain risk management
- Experience working in federal government environments or supporting federal agencies
- Demonstrated experience conducting supply chain risk assessments
- Hands-on experience with supply chain risk management tools such as Exiger
- Knowledge of federal acquisition processes and procurement regulations

Security Requirement:

- Ability to obtain a public trust.

Desired:

- Master's degree in related field
- Active Top Secret clearance
- Experience supporting Department-level risk management programs

Required Skills and Competencies:

- Expert knowledge of C-SCRM frameworks including NIST SP 800-161, NIST Cybersecurity Framework and ISO 28000 series
- Strong understanding of FISMA, FedRAMP, CMMC and other federal compliance requirements
- Proficiency in conducting risk assessments using NIST SP 800-30 and similar methodologies
- Demonstrated ability to use supply chain risk management platforms such as Exiger for vendor risk assessment, due diligence and continuous monitoring
- Knowledge of software and hardware supply chain vulnerabilities including counterfeit components, malicious insertions and tampering
- Understanding of secure software development lifecycle (SSDLC) and DevSecOps principles
- Familiarity with threat intelligence sources and supply chain threat landscapes
- Experience with vulnerability management tools and security assessment platforms
- Strong analytical and critical thinking skills with attention to detail
- Excellent written and verbal communication skills, including ability to present complex technical concepts to non-technical audiences
- Ability to work independently and manage multiple concurrent projects
- Proficiency with Microsoft Office Suite and collaboration tools
- Strong interpersonal skills and ability to build relationships across organizational boundaries
- Knowledge of contract language and security requirements documentation
- Understanding of open-source software risks and software bill of materials (SBOM) concepts

Desired Skills and Competencies:

- Professional certifications such as CISSP, CISM, CRISC or C-SCRM certification
- Experience with Government Risk and Compliance (GRC) platforms
- Experience with additional third-party risk management tools (e.g. Black Kite, BitSight, SecurityScorecard, RiskRecon)
- Knowledge of zero-trust architecture principles
- Familiarity with artificial intelligence and machine learning supply chain risks
- Experience with cloud service provider security assessments
- Understanding of hardware root of trust and secure boot technologies
- Knowledge of critical infrastructure protection requirements
- Experience developing security architecture documentation
- Familiarity with Insider Threat programs
- Background in intelligence analysis or counterintelligence
- Experience supporting security authorization processes (ATO/ATOs)
- Knowledge of Section 508 compliance requirements
- Previous experience as a technical advisor

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits and all other privileges, terms and conditions of company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website please get in touch with Heaven Wood via e-mail by calling to request Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies.

As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees and native communities. For more information please Opportunity Employer/Veterans/ Preference in accordance with Public Law 88-352