Koniag Government Services
Government Contracting, IT Services, Defense, Professional Services, Cybersecurity

Cyber Supply Chain Risk Management Subject Matter Expert

Washington, District of Columbia, United States · Onsite · Full Time · Posted today · Visa sponsorship available

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a Cyber Supply Chain Risk Management Subject Matter Expert to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced Cybersecurity Supply Chain Risk Management (C-SCRM) Subject Matter Expert to support critical risk management operations. Working under the direction of the Department's Risk Management Branch, the ideal candidate will provide expert guidance and execute comprehensive C-SCRM processes for multiple agencies and offices. This position requires a security-minded professional with deep knowledge of supply chain vulnerabilities, federal compliance frameworks, and risk assessment methodologies. The successful candidate will play a pivotal role in protecting the Department's information systems and supply chains from evolving cyber threats.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
Responsibilities
The Cybersecurity Supply Chain Risk Management Subject Matter Expert will lead and execute C-SCRM activities across the Department's agencies and offices. Principal responsibilities will include but are not limited to:

  • Develop, implement, and maintain comprehensive C-SCRM programs and processes in alignment with NIST, FISMA, and other federal cybersecurity frameworks
  • Conduct supply chain risk assessments for information and communications technology (ICT) products, systems, and services
  • Identify, analyze, and document supply chain vulnerabilities, threats, and risk exposure across the technology lifecycle
  • Evaluate vendor and supplier security postures, including third-party and fourth-party risk assessments
  • Utilize supply chain risk management platforms such as Exiger to conduct vendor assessments and continuous monitoring
  • Review and assess security requirements in procurement documentation and contracts
  • Collaborate with acquisition teams to integrate C-SCRM controls into the procurement process
  • Develop risk mitigation strategies and recommendations for identified supply chain vulnerabilities
  • Create and maintain C-SCRM policies, procedures, standards, and guidelines
  • Monitor emerging supply chain threats and vulnerabilities, providing threat intelligence briefings to stakeholders
  • Coordinate with agency and office leadership to communicate risk findings and recommendations
  • Track and report on C-SCRM metrics and key performance indicators
  • Provide training and guidance to agency personnel on C-SCRM best practices
  • Support incident response activities related to supply chain compromises
  • Maintain documentation of all C-SCRM activities, assessments, and decisions
  • Interface with external partners, including CISA, FBI, and industry groups on supply chain security matters

Required
Education and Experience:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or related field from an accredited college or university
  • 8+ years of experience in cybersecurity, with at least 4 years focused on supply chain risk management
  • Experience working in federal government environments or supporting federal agencies
  • Demonstrated experience conducting supply chain risk assessments
  • Hands-on experience with supply chain risk management tools such as Exiger
  • Knowledge of federal acquisition processes and procurement regulations

Security Requirement

  • Ability to obtain a Public Trust.

Desired

  • Master's degree in related field
  • Active Top Secret clearance
  • Experience supporting Department-level risk management programs

Required Skills And Competencies

  • Expert knowledge of C-SCRM frameworks including NIST SP 800-161, NIST Cybersecurity Framework, and ISO 28000 series
  • Strong understanding of FISMA, FedRAMP, CMMC, and other federal compliance requirements
  • Proficiency in conducting risk assessments using NIST SP 800-30 and similar methodologies
  • Demonstrated ability to use supply chain risk management platforms such as Exiger for vendor risk assessment, due diligence, and continuous monitoring
  • Knowledge of software and hardware supply chain vulnerabilities, including counterfeit components, malicious insertions, and tampering
  • Understanding of secure software development lifecycle (SSDLC) and DevSecOps principles
  • Familiarity with threat intelligence sources and supply chain threat landscapes
  • Experience with vulnerability management tools and security assessment platforms
  • Strong analytical and critical thinking skills with attention to detail
  • Excellent written and verbal communication skills, including ability to present complex technical concepts to non-technical audiences
  • Ability to work independently and manage multiple concurrent projects
  • Proficiency with Microsoft Office Suite and collaboration tools
  • Strong interpersonal skills and ability to build relationships across organizational boundaries
  • Knowledge of contract language and security requirements documentation
  • Understanding of open-source software risks and software bill of materials (SBOM) concepts

Desired Skills And Competencies

  • Professional certifications such as CISSP, CISM, CRISC, or C-SCRM certification
  • Experience with Governance, Risk, and Compliance (GRC) platforms
  • Experience with additional third-party risk management tools (e.g., Black Kite, BitSight, SecurityScorecard, RiskRecon)
  • Knowledge of zero-trust architecture principles
  • Familiarity with artificial intelligence and machine learning supply chain risks
  • Experience with cloud service provider security assessments
  • Understanding of hardware root of trust and secure boot technologies
  • Knowledge of critical infrastructure protection requirements
  • Experience developing security architecture documentation
  • Familiarity with Insider Threat programs
  • Background in intelligence analysis or counterintelligence
  • Experience supporting security authorization processes (ATO/ATOs)
  • Knowledge of Section 508 compliance requirements
  • Previous experience as a technical advisor

Our Equal Employment Opportunity Policy
The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.
*Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.*
*Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352*