Hybrid C-SCRM Policy and Governance Lead (Intelligence Analyst 5)

Woodlawn, MD, Maryland, United States

Apply now Apply later

Requisition Number: 21617 

Required Travel: 0 - 10% 

Employment Type: Full Time/Salaried/Exempt

Anticipated Salary Range: $118,635.00 - $175,000.00 

Security Clearance: Secret  

Level of Experience: Mid HI

 

This opportunity resides with Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR), a business group within HII’s Mission Technologies division. From towers to processors, we design, develop, integrate and manage the sensors, systems and other assets necessary to support integrated intelligence, surveillance and reconnaissance (ISR) operations, exploitation and analysis for the Intelligence Community, the military services, geographic and functional combatant commands and DoD agencies. 

 

Meet HII’s Mission Technologies Division
Our team of more than 7,000 professionals worldwide delivers all-domain expertise and advanced technologies in service of mission partners across the globe. Mission Technologies is leading the next evolution of national defense – the data evolution - by accelerating a breadth of national security solutions for government and commercial customers. Our capabilities range from C5ISR, AI and Big Data, cyber operations and synthetic training environments to fleet sustainment, environmental remediation and the largest family of unmanned underwater vehicles in every class. Find the role that’s right for you. Apply today. We look forward to meeting you.

 

To learn more about Mission Technologies, click here for a short video: https://vimeo.com/732533072 

 

Who We Are

HII - Mission Technologies seeks a full-time Cyber Supply Chain Risk Management (C-SCRM) Policy and Governance Lead to support the Centers for Medicare and Medicaid Services’ (CMS) in Woodlawn, Maryland.  This is a hybrid work position with the potential to work 3 days on-site and 2 days remotely. This CMS effort supports technology development, threat analysis, operations integration, training support, data analytics support, and technology transition assistance.

What You Will Do

Policy Creation and Governance: 
Develop Comprehensive Cyber Supply Chain Policies: 
•    Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors. 
•    Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development. 
•    Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA). 
Policy Implementation and Enforcement: 
•    Develop procedures to enforce compliance with established policies. 
•    Implement monitoring mechanisms to ensure adherence to policies and procedures. 
•    Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes. 
Continuous Improvement and Policy Updates: 
•    Regularly review and update policies to address new threats and vulnerabilities. 
•    Gather feedback from stakeholders to improve policy effectiveness. 
•    Stay informed about industry best practices and regulatory changes to ensure policies remain current. 
Risk Management Framework: 
Design and Maintain Risk Management Framework: 
•    Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors. 
•    Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers. 
•    Develop risk mitigation strategies and action plans to address identified vulnerabilities. 
Integrate Risk Management with Governance: 
•    Ensure the risk management framework is integrated with governance processes to provide oversight and accountability. 
•    Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities. 
Governance and Oversight: 
Establish Governance Committees: 
•    Form and lead governance committees or working groups focused on third-party risk management. 
•    Develop governance structures to ensure clear roles, responsibilities, and accountability. 
•    Develop and Maintain Risk Registers: Create and maintain third-party risk registers to document and track identified risks. 
Monitor and Report on Governance Activities: 
•    Generate regular reports on the status of governance activities, including policy compliance and risk management efforts. 
•    Present findings and recommendations to senior leadership and relevant stakeholders. 
Due Diligence and Onboarding: 
•    Conduct thorough due diligence on potential vendors and third-party partners.
•    Ensure security requirements are integrated into vendor selection and onboarding. Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
Contract and Acquisition Policy Integration: 
•    Develop and incorporate security and risk management requirements into contract and acquisition policies. 
•    Ensure all vendor agreements and contracts include terms and conditions that align with the company’s security standards and risk management objectives. 
•    Review and update contract terms and conditions regularly to address evolving risks and regulatory requirements. 

What We Are Looking For

  • 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field. 
  • Minimum of 10 years of experience in policy creation, governance, and risk management in supply chain or third-party risk management. 
  • Strong knowledge of cybersecurity principles, risk management frameworks, and regulatory requirements (e.g., NIST, ISO 27001, GDPR). 
  • Experience developing and implementing risk management policies and governance frameworks. 
  • Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements. 
  • Excellent analytical, problem-solving, and communication skills. 
  • Ability to work independently and as part of a team in a fast-paced environment.
  • Possess and maintain a current SECRET clearance.

Preferred: Bonus Points For...

  • Familiarity with supply chain management and federal acquisition procurement processes. 
  • Experience with governance, risk, and compliance (GRC) tools and software. 
  • Knowledge of emerging threats and trends in cybersecurity and supply chain risk management. 
  • Relevant certifications (CISSP, CISM, CRISC, or CTPRP, etc.)

#LI-DK1

HII is more than a job - it’s an opportunity to build a new future. We offer competitive benefits such as best-in-class medical, dental and vision plan choices; wellness resources; employee assistance programs; Savings Plan Options (401(k)); financial planning tools, life insurance; employee discounts; paid holidays and paid time off; tuition reimbursement; as well as early childhood and post-secondary education scholarships. Bonus/other non-recurrent compensation is occasionally offered for qualified positions, and if applicable to this role will be addressed by the recruiter at the screening phase of application.

 

Why HII
We build the world’s most powerful, survivable naval ships and defense technology solutions that safeguard our seas, sky, land, space and cyber. Our diverse workforce includes skilled tradespeople; artificial intelligence, machine learning (AI/ML) experts; engineers; technologists; scientists; logistics experts; and business administration professionals.

 

Recognized as one of America’s top large company employers, we are a values and ethics driven organization that puts people’s safety and well-being first. Regardless of your role or where you serve, at HII, you’ll find a supportive and welcoming environment, competitive benefits, and valuable educational and training programs for continual career growth at every stage of your career.

 

Together we are working to ensure a future where everyone can be free and thrive.
Today’s challenges are bigger than ever, and the nation needs the best of us. It’s why we’re focused on hiring, developing and nurturing our diversity. We believe that diversity among our workforce strengthens the organization, stimulates creativity, promotes the exchange of ideas and enriches the work lives of all our employees. 

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

 

Do You Need Assistance? 
If you need a reasonable accommodation for any part of the employment process, please send an e-mail to buildyourcareer@hii-co.com and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case-by-case basis. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address. Additionally, you may also call 1-844-849-8463 for assistance. Press #3 for HII Mission Technologies.

Apply now Apply later
Job stats:  0  0  0

Tags: Analytics Artificial Intelligence Big Data C CCPA CISM CISSP Clearance Compliance CRISC Data Analytics DoD GDPR Governance Incident response ISO 27001 KPIs Machine Learning Monitoring NIST PhD Risk assessment Risk management RMF Security Clearance Surveillance Vendor management Vulnerabilities

Perks/benefits: Career development Competitive pay Health care Insurance Salary bonus Startup environment Wellness

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.