DescriptionCyber Security SME/SCRM Analyst
This position requires the ability to obtain a Public Trust
We are seeking a highly knowledgeable and experienced Cybersecurity Subject Matter Expert (SME) and Supply Chain Risk Management (SCRM) Analyst to provide expert-level systems analysis, design, integration, and implementation advice on complex cybersecurity challenges, with a specific focus on managing supply chain risks. The successful candidate will contribute to all phases of study development, assist with SCRM program management efforts, and conduct security risk assessments of third-party vendors. Additionally, the Analyst will play a critical role in enhancing cybersecurity awareness through training programs and ensuring adherence to federal regulations, including NIST SP 800-53 Rev. 5 and OMB M-22-18.
Compensation & Benefits:
Estimated Starting Salary Range for Cyber Security SME/SCRM Analyst: $165,000-$170,000
Pay commensurate with experience.
Full time benefits include Medical, Dental, Vision, 401K and other possible benefits as provided. Benefits are subject to change with or without notice.
Cyber Security SME/SCRM Analyst Responsibilities Include:
- Provide high-level analysis, design, and integration advice on complex cybersecurity challenges, particularly within the realm of supply chain risk management (SCRM).
- Assist the SCRM Task Lead with managing and governing the organization’s cybersecurity SCRM program, ensuring that procedures are up-to-date and aligned with federal regulations.
- Identify and categorize supply chain vendors into risk levels based on services and products provided and conduct thorough security risk assessments to identify gaps against security controls and requirements.
- Develop and maintain a framework for proactively managing cybersecurity supply chain risks, addressing issues such as counterfeit insertion, tampering, unauthorized production, theft, and insertion of malicious code throughout the Software Development Life Cycle (SDLC).
- Integrate SCRM concepts into the organization’s Information Security Continuous Monitoring (ISCM) program, as part of the transition to NIST SP 800-53 Rev. 5.
- Support the implementation of OMB M-22-18 and assist in integrating the Secure Software Development Framework (SSDF) into the SDLC and ISCM processes.
- Establish and contribute to a Cyber Workforce Training, Education, and Awareness Program, including the creation of certificate pathways for key cybersecurity roles, with a focus on setting training requirements and ensuring accountability.
- Assist the customer in developing and maintaining a well-trained cybersecurity workforce that can achieve and maintain necessary industry certifications and academic credentials.
- Support the Information System Security Officer (ISSO) function by assisting in the development of Authority to Operate (ATO) packages and strategizing ways to centralize the ISSO support function.
- Prepare and deliver senior management presentations, reports, and briefings on the progress of cybersecurity initiatives, SCRM efforts, and workforce development.
- Performs other job-related duties as assigned
Cyber Security SME/SCRM Analyst Experience, Education, Skills, Abilities requested:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- Minimum 5 years of experience in cybersecurity, with a focus on supply chain risk management (SCRM) and cybersecurity program management.
- Possesses IAT Level II certification (e.g., CompTIA Security+, GIAC, or equivalent).
- Strong understanding of NIST SP 800-53 Rev. 5, federal cybersecurity regulations, and supply chain risk management frameworks.
- Experience conducting security risk assessments for third-party vendors and identifying compliance gaps.
- Familiarity with the Information Security Continuous Monitoring (ISCM) process and the integration of SCRM concepts into cybersecurity frameworks.
- Ability to manage complex projects and collaborate with cross-functional teams to achieve cybersecurity goals.
- Experience supporting the ISSO function and developing ATO packages.
- Strong written and verbal communication skills, with the ability to present complex technical information to both technical and non-technical audiences.
- Experience with Secure Software Development Framework (SSDF) and its integration into organizational processes preferred.
- Familiarity with the implementation of OMB M-22-18 and other federal cybersecurity regulations preferred.
- Proven track record of managing and maintaining cybersecurity workforce training programs, including certification tracking and development preferred.
- Past applicable job experience may include, but is not limited to: Cyber Security Specialist, Security Risk Management Analyst, or Information Security Consultant
- Must pass pre-employment qualifications of Cherokee Federal
Company Information:
Cherokee United Services (CUS) is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about CUS, visit cherokee-federal.com.
#CherokeeFederal #LI #LI-REMOTE
Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.
Similar searchable job titles
Cyber Security Specialist
Security Risk Management Analyst
Information Security Consultant
Cyber Risk Analyst
Security Compliance Analyst
Keywords
Risk Analysis
Compliance Assessment
Threat Intelligence
Vulnerability Assessment
Incident Management
Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.
Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.