Mantech

MANTECH seeks a motivated, career and customer-oriented Senior Cybersecurity Supply Chain Risk Analyst to join our team in Stafford, VA.

Responsibilities include but are not limited to:

• Plays a crucial role in identifying, assessing, and mitigating cybersecurity risks associated with the IT supply chain, possessing a deep understanding of cybersecurity principles, supply chain management processes, and risk assessment methodologies.

• Responsible for developing and implementing risk management strategies, conducting thorough assessments of vendors and suppliers, and collaborating with stakeholders to ensure the security and resilience of the IT supply chain.

• Develops and maintains a comprehensive Cybersecurity Supply Chain Risk Management Program and conducts risk assessments of new and existing vendors/suppliers, evaluating their security posture, controls, and compliance.

• Identifies and analyzes potential cybersecurity threats and vulnerabilities within the IT supply chain, developing and implementing risk mitigation strategies including security controls, contractual obligations, and Incident Response Plans.

• Collaborates with procurement and vendor management teams to integrate security requirements into vendor selection and onboarding processes, establishes/maintains security standards for vendors, and monitors their performance and compliance.

• Stays abreast of emerging cybersecurity threats and vulnerabilities affecting the IT supply chain, monitors threat intelligence, develops threat monitoring/detection mechanisms, collaborates with Incident Response Teams to investigate/respond to incidents, develops Incident Response Plans for supply chain disruptions, collaborates with various internal stakeholders, communicates with vendors/suppliers on security requirements, and provides direction and mentorship to subordinate staff.

Minimum Qualifications:

• BA/BS in field necessary to assume Cybersecurity Supply Chain Risk Analyst duties or 4 additional years of experience in lieu of a degree

• 9+ years of experience with 5+ years of relevant Cybersecurity Supply Chain Risk Analyst experience.

• Strong understanding of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001). Knowledge of supply chain management processes and best practices.

• Experience with risk assessment methodologies and tools.

• Must have CompTIA Security+.

Preferred Qualifications:

• Master’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.

• Deep familiarity with Government security regulations and compliance requirements, including a thorough understanding of NIST, FedRAMP, and DoD STIGs.

• Knowledge of supply chain security guidelines and standards specific to Government environments, and familiarity with Government-specific SCRM methodologies, tools, and best practices.

• Strong understanding of the various threats and vulnerabilities that can impact the cybersecurity supply chain, including those related to software, hardware, services, and third-party providers, and familiarity with frameworks like NIST C-SCRM and international standards like ISO 28000.

• Relevant certifications such as CISSP, CISM, CRISC, GIAC (e.g., GSLC, GCED, GSTRT), and Certified Supply Chain Professional (CSCP).

• Experience at a DoD Combatant Command (e.g., SOUTHCOM, NORTHCOM, CENTCOM, CYBERCOM, INDOPACOM, EUCOM, AFRICOM, STRATCOM, TRANSCOM, SOCOM, SPACECOM) or a component is desired.

Clearance Requirements:

• Must have an active Secret Clearance

Physical Requirements:

• Must be able to remain in stationary position for up to 50% of the time.

• Must be able to deliver clear and effective communication verbally and via email, phone, and virtual communication platforms to interface with co-workers and customers.

• Must be able to occasionally move about inside an office environment to access file cabinets, office machinery, and communicate with co-workers.