Cyber-Supply Chain Risk Management (C-SCRM) SME Analyst jobs in United States
cer-icon
Apply on Employer Site
company-logo

Leidos · 4 hours ago

Cyber-Supply Chain Risk Management (C-SCRM) SME Analyst

positionGaithersburg, MD
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$131K/yr - $237K/yr
date12+ years exp

Leidos is a leading defense and technology company, seeking an experienced Cyber-Supply Chain Risk Management (C-SCRM) SME Analyst to enhance and adopt enterprise data and analytics products for the Department of Defense. The role involves conducting risk assessments, ensuring compliance with regulations, and providing expertise in supply chain risk management to safeguard mission-critical functions.

ComputerGovernmentInformation ServicesInformation TechnologyNational SecuritySoftware
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Conducts comprehensive Cyber Supply Chain Risk Assessments on systems, products, and suppliers to identify vulnerabilities, foreign influence, and compliance gaps
Monitors program adherence to all applicable supply-chain policies, federal regulations, Executive Orders, and Office of Management and Budget (OMB) memorandums
Ensures continuous compliance with National Institute of Standards and Technology (NIST) guidelines and statutory requirements such as the National Defense Authorization Act (NDAA) Section 889 Parts A and B
Provides risk findings and mitigation recommendations to leadership to safeguard the integrity, security, and reliability of the supply chain
Provide subject matter expertise in DoD Supply Chain Risk Management (SCRM) to implement, expand, and mature an end-to-end SCRM program
Support the development and continued refinement/updates of Mission Assurance policy
Produce and present briefings of their findings, as well as meeting minutes, after action reports, trip reports, as necessary
Support SCRM Commercial Assessments of Networks, Network availability, and germane hardware to protect DoD's mission critical functions
Capture specific information from the PMO and submitting that information as a Request for Information (RFI) to the appropriate entity to support SCRM CounterIntelligence (CI) risk management analysis
Gather requirements and develop SCRM RFIs
Project manage SCRM Threat Analysis Center (TAC) RFI queue (informal inquiries, quick turn reports, formal SCRM TAC RFIs)
Support the implementation of SCRM processes and policies
Support periodic collection of SCRM internal process metrics in accordance with SCRM SOPs/CONOPS
Support the implementation of the SCRM program strategy SCRM training, SCRM procedures, and other support related to supply chain risk management
Conduct evaluations and prepare reports detailing any potential foreign influence or threats to DoD supply chains
Risk assessment products shall be prepared in accordance with guidance from the Government Program lead, in accordance with SCRM Standard Operating Procedures (SOPs) and Concept of Operations (CONOPS)
Maintain active lines of communication with MA/SCRM Liaison at the Government
Integrate with ConMon dashboard to ensure visibility of FOCI, SBOM and attestations

Qualification

DoD SCRM standardsCybersecurity experienceGRC tools proficiencyRisk assessment analysisSBOMHBOM analysisNIST guidelines knowledgeProject Management fundamentalsOperational leadershipAnalytical skillsCommunication skillsTeam leadershipProblem-solving skills

Required

Top Secret with SCI eligibility security clearance
Bachelor's Degree and 12+ years of experience; additional relevant experience may be substituted in lieu of degree
Knowledge of DoD SCRM standards, including DoDI 5200.44, NIST 800-161, NIST 800-53A
Demonstrated ability to communicate with senior government customers and the ability to influence within multiple levels of the organization
Developing SBOM and HBOM analysis, analyze end-to-end cyber supply chain risks
Proficient using GRC tools such as eMASS
Cybersecurity experience
Project Management fundamentals
Demonstrated experience with 12 years of related experience
In-depth analysis of C-SCRM, Zero Trust Capabilities, Infrastructures and Architecture
8+ years of team and/or operational leadership experience
10+ years of experience in USG cyber risk management, assessments and authorization (A&A), and using NIST Special Publications (SP) (e.g.: SP800-30, SP800-37, SP800-53, etc.)
10+ years of experience in designing and engineering enterprise IT solutions within the USG using NIST SP (e.g.: SP800-60, SP800-64, SP800-80, SP800-122, SP800-137, SP800-146, SP800-160, SP800-204, SP800-207, SP800-213, etc.)
Certifications in Cybersecurity like Security plus, CISM

Preferred

Active TS/SCI
Master's degree in supply chain management, engineering, cybersecurity, or other technical discipline
Project Management Experience or PMP
Experience with core Systems Engineering Disciplines (Requirements, Schedule, Risk, Readiness, System Closure, etc.)
Certifications in Cybersecurity like CISSP, CISM, ERAI certification or CASP are strongly preferred

Company

Leidos

twittertwittertwitter
Glassdoor3.9
company-logo
Leidos is a Fortune 500® innovation company rapidly addressing the world’s most vexing challenges in national security and health.
dateFounded in 1969
location
Reston, Virginia, USA
people-size10001+ employees
web-link
https://www.leidos.com

Funding

Current Stage
Public Company
Total Funding
unknown
2025-02-20Post Ipo Debt
2013-09-17IPO

Leadership Team

leader-logo
James Carlini
Chief Technology Officer
linkedin
leader-logo
Theodore Tanner
Chief Technology Officer
linkedin

Recent News

Fortune
Fortune 500 Power Moves: Which executives gained and lost power this week
2025-12-20
MarketScreener
Leidos Names Theodore Tanner Chief Technology Officer
2025-12-16
Benzinga.com
Citigroup, Leidos Holdings And More On CNBC's 'Final Trades'
2025-12-16
Company data provided by crunchbase