drjobs Cyber Supply Chain Risk Management CSCRM Governance Lead
  1. Home
  2. Jobs In USA
  3. Cyber Supply Chain Risk Management CSCRM Governance Lead

Cyber Supply Chain Risk Management CSCRM Governance Lead

MM International
Posted on : 25-10-2024

Employer Active

drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
drjobs
Register to Apply Apply Now
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Alexander City - USA

Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Posted on : 25-10-2024

Job Description

Position: Cyber Supply Chain Risk Management (CSCRM) Governance Lead

Location: Woodlawn MD United States

Duration: Contract Long Term

Duties and Responsibilities:

The role sits inside of a national security focused team within the bigger cybersecurity group.

The team has been in a pretty immature state for some time now as theyve struggled to get an initial policy and movement.

This person really needs to be able to think big about third party risk management across the organization and help design systems that will eventually be a program

This team is also in a somewhat internally competitive position with another team that operates in the compliance side of the group doing FedRAMP and SaaS security.

On a daytoday basis this person will be meeting with stakeholders across HHS and CMS. They will be working on policy. They will be directing and contributing to supplier risk reviews. They will be making tool decisions and working in TPRM tools as they try to weave all of this together into a program.

Location: Woodlawn MD MANDATORY

Required Travel: 0 10%

Security Clearance: TS/SCI ( optional)

Level of Experience: Senior

We are seeking a Hybrid Cyber Supply Chain Risk Management (CSCRM) Governance Lead. This position will focus on developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agencys supply chain and thirdparty vendors. This role involves creating and maintaining a comprehensive cyber risk management framework ensuring compliance with security standards and regulatory requirements and overseeing governance processes to protect the organizations assets and data. They will also work to develop and incorporate contract and acquisition policies with associated terms and conditions to ensure all agreements align with the agencys security standards and risk management objectives.

What You Will Do

Policy Creation and Governance:

  • Develop Comprehensive Cyber Supply Chain Policies:
  • Establish policies that define the security requirements and expectations for all supply chain partners and thirdparty vendors.
  • Ensure policies cover key areas such as data protection incident response access controls and secure software development.
  • Align policies with industry standards (e.g. NIST SP 800161) and regulatory requirements (e.g. GDPR CCPA).
  • Policy Implementation and Enforcement:
  • Develop procedures to enforce compliance with established policies.
  • Implement monitoring mechanisms to ensure adherence to policies and procedures.
  • Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.
  • Continuous Improvement and Policy Updates:
  • Regularly review and update policies to address new threats and vulnerabilities.
  • Gather feedback from stakeholders to improve policy effectiveness.
  • Stay informed about industry best practices and regulatory changes to ensure policies remain current.

Risk Management Framework:

  • Design and Maintain Risk Management Framework:
  • Create a framework for identifying assessing and mitigating risks associated with the supply chain and thirdparty vendors.
  • Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.
  • Develop risk mitigation strategies and action plans to address identified vulnerabilities.
  • Integrate Risk Management with Governance:
  • Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.
  • Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.

Governance and Oversight:

Establish Governance Committees:

  • Form and lead governance committees or working groups focused on thirdparty risk management.
  • Develop governance structures to ensure clear roles responsibilities and accountability.
  • Develop and Maintain Risk Registers: Create and maintain thirdparty risk registers to document and track identified risks.
  • Monitor and Report on Governance Activities:
  • Generate regular reports on the status of governance activities including policy compliance and risk management efforts.
  • Present findings and recommendations to senior leadership and relevant stakeholders.
  • Due Diligence and Onboarding:
  • Conduct thorough due diligence on potential vendors and thirdparty partners.
  • Ensure security requirements are integrated into vendor selection and onboarding. Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
  • Contract and Acquisition Policy Integration:
  • Develop and incorporate security and risk management requirements into contract and acquisition policies.
  • Ensure all vendor agreements and contracts include terms and conditions that align with the companys security standards and risk management objectives.
  • Review and update contract terms and conditions regularly to address evolving risks and regulatory requirements.

What We Are Looking For

  • 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
  • Bachelors degree in Cybersecurity Information Technology Business Administration or a related field.
  • Minimum of 10 years of experience in policy creation governance and risk management in supply chain or thirdparty risk management.
  • Strong knowledge of cybersecurity principles risk management frameworks and regulatory requirements (e.g. NIST ISO 27001 GDPR).
  • Experience developing and implementing risk management policies and governance frameworks.
  • Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements.
  • Excellent analytical problemsolving and communication skills.
  • Ability to work independently and as part of a team in a fastpaced environment.
  • Possess and maintain a current TSSCI clearance.

Preferred: Bonus Points For...

  • Familiarity with supply chain management and federal acquisition procurement processes.
  • Experience with governance risk and compliance (GRC) tools and software.
  • Knowledge of emerging threats and trends in cybersecurity and supply chain risk management.
  • Relevant certifications (CISSP CISM CRISC or CTPRP etc.)

Employment Type

Full Time

Company Industry

Key Skills

Register to Apply
Apply Now

About Company

MM International
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
Register for Free

Free AI Resume Review

Get Hired 3x Faster with free, confidential review from Ai resume review service.
Order Now

Resume, LinkedIn, Cover Letter

Elevate your professional profile with expertly crafted documents including your resume, LinkedIn profile, cover letter.
Start Now

Dr.Job AutoApply

3X your job search with AutoApply's AI for faster dream job results.
Learn More

Reverse Recruiting

Never apply for a job again. We apply and track jobs for you to find your perfect match.

Similar Jobs

Inpatient Pharmacist Night Lead

Inetercare Recruitment Llc - Burlington , VT

Protestant Lead Worship Musician - US Air Force Academy - Colorado Springs

Music Ministry International - Cade , LA

Data Management Specialist

Mendez England & Associates - Washington , IL

Identity and Access Management Engineer Expert

Omm It Solutions - Washington , IL

Identity and Access Management Engineer Senior Level

Omm It Solutions - Washington , IL

Team Lead Warehouse CLS 2nd Shift - Pleasant Prairie WI

Apl Logistics - Pleasant Prairie , WI

Repair Technician Lead

Stand-by Personnel - Tulsa , OK

Lead II - Enterprise Solutions

Tekwissen Llc - Saint Louis , MI
  1. Home
  2. Jobs In USA
  3. Cyber Supply Chain Risk Management CSCRM Governance Lead
About Drjobpro.com

Dr. Job is an online platform that connects employers with skilled job seekers, facilitating the search for job opportunities and top talent. Established in 2015. Dr. Job Pro has emerged as the world premier job portal, attracting thousands of job seekers every day from all over the world.

Follow Dr.Job

LinkedIn Drjobpro Facebook Drjobpro Twitter Drjobpro Instagram Drjobpro Youtube Drjobpro Tiktok Drjobpro SnapChat Drjobpro

Dr Job FZ LLC. 2024 © All Rights Reserved

Terms of Use Privacy Policy Cookie Policy

Company

About

How it Works

SiteMap

Contact Us

Blog

Popular Searches

Popular jobs in worldwide

Employer

Post Job Free

CV Search

ATS Partners

Job seeker

Job Seeker Login

Job Seeker Register

Search Jobs

AI Job interview

AutoApply

Free Resume Review

Resume Writing

Reverse Recruiting

Companies by Location

Jobs by Countries

Jobs In Saudi Arabia

Jobs In Kuwait

Jobs In Qatar

Jobs In Bahrain

Jobs In Egypt

Jobs In Jordan

Jobs in USA

Jobs in UK

Jobs in India

Change Country