Cyber Security (SME) C-SCRM at NOVA in Boston, Massachusetts

Posted in Other 2 days ago.





Job Description:


Cyber Security (SME) C-SCRM

US-DC-

Job ID: 2025-5535
Type: Full-time Exempt, Salaried
# of Openings: 1
Category: Information Technology
DOC Headquarters (DDC)

Overview

The Cybersecurity SME – C-SCRM is responsible for supply chain risk management (C-SCRM) across the Department of Commerce (DOC) cybersecurity programs. This role involves evaluating supply chain threats, conducting risk assessments, developing security documentation, and ensuring compliance with federal cybersecurity requirements. The SME will work closely with technical, administrative, and executive personnel to identify supply chain vulnerabilities, assess risks, and map security controls to federal policies. Additionally, the role requires analyzing data from multiple intelligence sources to inform decision-making and enhance supply chain security.

*This position is dependent upon contract award. Selected candidate must be onsite in Washington, DC.*



Responsibilities

  • Supply Chain Risk Management (C-SCRM) & Compliance
  • Ensure compliance with NIST SP 800-161, FISMA, Office of Management and Budget (OMB) directives, and other federal regulations related to supply chain risk management.
  • Evaluate supply chain threats and develop mitigation strategies for DOC systems.
  • Work with senior leadership and security teams to develop policies and best practices for managing supply chain risk.
  • Provide expert analysis of third-party risk, vendor security controls, and acquisition cybersecurity requirements.
  • Provide input for policies that pertain to C-SCRM. These efforts shall culminate in the use of qualitative and quantitative performance metrics to measure, report on, and monitor the information security and supply chain risk performance of products, systems, and services provided by external service providers.
  • Evaluate supplier risks through continuous monitoring practices for situational awareness of supply chain risks.
  • Other duties as assigned.


Qualifications

  • Must have an active TS/SCI clearance.
  • Minimum 8 years of experience in Federal cybersecurity, including experience in supply chain risk management (C-SCRM), cybersecurity compliance, and risk assessments.
  • Strong knowledge of NIST SP 800-161, FISMA, Risk Management Framework (RMF), and federal cybersecurity directives.
  • Experience in assessing third-party/vendor security controls, supply chain vulnerabilities, and acquisition security requirements.
  • Proficiency in supply chain risk assessment tools, security compliance frameworks, and threat intelligence analysis.
  • Demonstrated ability to analyze complex security data and provide risk mitigation strategies.
  • Experience in policy development, executive briefings, and cross-functional collaboration.
  • Education: Master’s degree in Cybersecurity, Engineering, Information Technology, or a related field.

  • System Tools Familiarity: Risk assessment and compliance tools, supply chain monitoring platforms, and data analytics tools.

Desired:

  • Experience working with DOC or similar federal agencies.
  • Certifications such as CISSP, CISM, or CISA preferred.

Work Location:

  • DOC Headquarters, Washington, DC

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists build client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.



Equal Opportunity Employer, including disability/protected veterans



Equal employment opportunity, including veterans and individuals with disabilities.
