CACI International Supply Chain Risk Manager (SCRM) in Washington, District Of Columbia
Supply Chain Risk Manager (SCRM)
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: None
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None
The CDM Program is managed within the DHS Cybersecurity and Infrastructure Security Agency (CISA), responsible for enhancing the security, resilience, and reliability of the Nation’s cyber and communications infrastructure. The DHS CDM Program mission is to safeguard and secure cyberspace in an environment where the threat of cyber-attack is continuously growing and evolving. The CDM Program defends the United States (U.S.) Federal Information Technology (IT) networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, and associated services to strengthen the security posture of Government networks. CACI supports the CDM Program by procuring, installing, and operating a variety of cyber security capabilities for eleven federal agencies in both classified and unclassified IT operational environments.
What You’ll Get to Do:
In this role you will serve as a Supply Chain Risk Manager supporting a Department of Homeland Security (DHS) Component’s SCRM objectives and goals.
Prepare, provide, and brief cybersecurity policy support and assist in the process of identifying, assessing, and mitigating the risks associated with IT products and service supply chains.
Address additional organizational structuring in Resource Proposals and a Supply Chain Cybersecurity Tactical Plan.
Exercise Due Care and Diligence on Suppliers.
Perform damage containment and strengthen defenses.
Apply principles, methods, and knowledge to meet task requirements.
Provide advice and input relating to planning and consideration.
Design and prepare reports, studies, and related documentation; make charts and graphs to record results; prepare and deliver presentations, training, and briefings as required.
More About the Role:
Support and carry out SCRM objectives in accordance with applicable standards, including:
Establish supply chain risk teams.
Identify and document roles and responsibilities.
Integrate cybersecurity considerations into system and product life cycles.
Use master requirements lists and SLAs to establish requirements with Suppliers.
Train key stakeholders in the organization and within the supplier’s organization.
Propagate security requirements to suppliers’ sub-suppliers.
Use the Criticality Analysis Process Model or a BIA to determine supplier criticality.
Terminate supplier relationships with security in mind.
Establish visibility into suppliers’ production processes.
Mentor and coach suppliers to improve their cybersecurity practices.
Include key suppliers in incident recovery, disaster recovery, and continuity plans and tests.
Maintain a watch list of suppliers.
Establish remediation acceptance criteria for the identified risks.
Establish cybersecurity requirements.
Establish protocols for vulnerability disclosure and incident notification.
Establish protocols for communications with external stakeholders during incidents.
Collaborate on lessons learned, and update joint plans based on lessons learned.
Use third-party assessments, site visits, and formal certification to assess critical suppliers.
Have plans in place for supplied product obsolescence.
This job description summarizes the main duties of the job. It neither prescribes nor restricts the exact tasks that may be assigned to carry out these duties. This document should not be construed in any way to represent a contract of employment. Management reserves the right to review and revise this document at any time.
You’ll Bring These Qualifications:
US Citizenship required
Must meet eligibility requirements for access to classified information and successfully obtain a Top Secret (TS) clearance as a requirement for continued employment. Active clearance desired.
Bachelor’s Degree or equivalent and 7+ years of related work experience in information security and operational/procurement processes
Serve as a subject matter expert, possessing in-depth knowledge of SCRM
Applicable SCRM certification(s) are highly desired and may be a follow-on requirement
Ability to understand, interpret, and explain technical security information
Experience leading the day-to-day execution of SCRM-related efforts, including developing SCRM plans, assessing supply chain risks, and developing risk mitigation plans and monitoring their effectiveness
These Qualifications Would be Nice to Have:
Technical degree in Computer Science, Computer Engineering, or a related subject area.
Relevant Technical and/or Security Certifications (e.g. Security+, CISSP, Red Hat Security Engineer).
Experience integrating and troubleshooting systems in Windows and/or Linux environments.
Experience with at least three of these technologies and demonstrated ability to learn new technologies: Axonius, AWS, Azure, Forescout, Hyper-V, McAfee, PKI, SCCM, Tanium, Tenable, and other cybersecurity technologies.
What We Can Offer You:
We’ve been named a Best Place to Work by the Washington Post.
Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
We offer competitive benefits and learning and development opportunities.
We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.
Company Overview: At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is an Equal Opportunity Employer – Females/Minorities/Protected Veterans/Individuals with Disabilities.