Supply Chain Risk Management; SCRM Lead

Summary

Supply Chain Risk Management (SCRM) Lead – Falls Church, Virginia. Full-time.

Important Notice: This position is contingent upon contract award.

• Develop comprehensive supply chain risk management program.
• Manage 30-80 third-party vendor relationships requiring security assessment.
• Conduct 20-40 vendor security assessments annually.
• Review 50-150 commercial software products for supply chain risk.
• Analyze software composition and third-party dependencies.
• Interface with contracting and acquisition teams on security requirements.
• Develop 5-15 SCRM policies and procedures.
• Monitor vendor security posture for changes and incidents.

• Vendors Managed: 30-80 requiring assessment per network.
• Annual Assessments: 20-40 vendor security evaluations.
• Software Reviews: 50-150 commercial products assessed.
• SCRM Policies: 5-15 procedures developed and maintained.
• Quarterly Reports: SCRM metrics and risk reporting.

• Clearance:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education:
  
  Bachelor s Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience:
  
  10+ years cybersecurity; 3+ years supply chain risk management or third-party risk.
• Certifications:
  
  CISSP required; CISM, CRISC, or procurement certifications desired.
• Technical Knowledge:
  Understanding of supply chain security threats, vendor risk assessment methodologies, Software Composition Analysis, NIST 800-161.

Advana is the Department of Defense Chief Digital and Artificial Intelligence Office s (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

Position Status:

• This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

• U.S. Citizen required.
• Clearance varies by network:
  Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

• 4 Weeks Paid Time Off.
• All Federal Holiday’s Paid Vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.