Cyber Security (SME) C-SCRM

DC, United States


Job Summary:

The Cybersecurity SME – C-SCRM is responsible for cybersecurity supply chain risk management (C-SCRM) across the Department of Commerce (DOC) cybersecurity programs. This role involves evaluating supply chain threats, conducting risk assessments, developing security documentation, and ensuring compliance with federal cybersecurity requirements. The SME will work closely with technical, administrative, and executive personnel to identify supply chain vulnerabilities, assess risks, and map security controls to federal policies. Additionally, the role requires analyzing data from multiple intelligence sources to inform decision-making and enhance supply chain security.


*This position is dependent upon contract award. Selected candidate must be onsite in Washington, DC.* 

Job Duties and Responsibilities:

  • Supply Chain Risk Management (C-SCRM) & Compliance
  • Ensure compliance with NIST SP 800-161, FISMA, Office of Management and Budget (OMB) directives, and other federal regulations related to supply chain risk management.
  • Evaluate supply chain threats and develop mitigation strategies for DOC systems.
  • Work with senior leadership and security teams to develop policies and best practices for managing supply chain risk.
  • Provide expert analysis of third-party risk, vendor security controls, and acquisition cybersecurity requirements.
  • Provide input for policies that pertain to C-SCRM. These efforts shall culminate in the use of qualitative and quantitative performance metrics to measure, report on, and monitor the information security and supply chain risk performance of products, systems, and services provided by external service providers.
  • Evaluate supplier risks through continuous monitoring practices for situational awareness of supply chain risks.
  • Other duties as assigned.

Job Requirements (Education/Skills/Experience):

  • Must have an active TS/SCI clearance. 
  • Minimum 8 years of experience in Federal cybersecurity, including experience in supply chain risk management (C-SCRM), cybersecurity compliance, and risk assessments.
  • Strong knowledge of NIST SP 800-161, FISMA, Risk Management Framework (RMF), and federal cybersecurity directives.
  • Experience in assessing third-party/vendor security controls, supply chain vulnerabilities, and acquisition security requirements.
  • Proficiency in supply chain risk assessment tools, security compliance frameworks, and threat intelligence analysis.
  • Demonstrated ability to analyze complex security data and provide risk mitigation strategies.
  • Experience in policy development, executive briefings, and cross-functional collaboration.
  • Education: Master’s degree in Cybersecurity, Engineering, Information Technology, or a related field.

    System Tools Familiarity: Risk assessment and compliance tools, supply chain monitoring platforms, and data analytics tools. 

Desired:

  • Experience working with DOC or similar federal agencies.
  • Certifications such as CISSP, CISM, or CISA preferred.

Work Location:

  • DOC Headquarters, Washington, DC

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists builds client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.


This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.
