Senior Cyber Supply Chain Management Consultant - TS/SCI Required

Job Locations US-MD-Baltimore
Posted Date 1 week ago (4/10/2024 4:45 PM)
Job ID
# of Openings
Supply Chain


LMI is seeking a skilled Cyber Supply Chain Risk Management (C-SCRM) Sr. Consultant to work in a hybrid environment that combines telework with on-site work at the client site (Baltimore, MD). This role is crucial for advising government staff on supply chain risks, particularly those related to Information and Communications Technology (ICT) assets within the supply chain. The successful candidate will have a strong background in supply chain management, cybersecurity, and risk assessment methodologies, and will be adept at developing strategic responses to mitigate these risks. This is a hybrid position with partial onsite/partial telework permitted.


LMI: Innovation at the Pace of Need™


At LMI, we’re reimagining the path from insight to outcome at The New Speed of Possible™. Combining a legacy of over 60 years of federal expertise with our innovation ecosystem, we minimize time to value and accelerate mission success. We energize the brightest minds with emerging technologies to inspire creative solutioning and push the boundaries of capability. LMI advances the pace of progress, enabling our customers to thrive while adapting to evolving mission needs.


  • Serve as advisor to government staff on supply chain risk, with a focus on cyber supply chain risk. This may include developing position papers or processes, leading discussions with staff, providing ad-hoc feedback or briefings.
  • Identify all CMS vendors/suppliers who have ICT products/services that connect to or traverse Centers for Medicare & Medicaid Services (CMS) networks. This includes analyzing active contracts lists (including subcontracts) and reviewing completed Information Security Certification forms.
  • Review/evaluate products against known threats, known exploitable vulnerabilities (KEVs), and Common Vulnerabilities and Exposures (CVEs).
  • Develop and maintain processes related to C-SCRM and ICT risk assessments.
  • Analyze the data and convey the threat level to senior leadership along with a recommendation on how to best mitigate risk.
  • Evaluate and monitor software supplier adherence to Secure Software Development Framework (SSDF) attestations and other cybersecurity contractual requirements (especially for Executive Order defined critical software).
  • Review and evaluate software supplier SBOMs for supply chain risks.
  • Review and evaluate existing and prospective suppliers' Service Organization Control (SOC) 2 reports.
  • Review, evaluate, and continuously monitor prospective and existing supplier cyber hygiene, illuminated through 3rd party due diligence tools or other government tools.
  • Responsible for developing the supplier cyber evaluation portion of the supply chain risk assessment reports.
  • Collaborate and liaise with CMS' cybersecurity staff to gather relevant information to include in reports.
  • Identify resources used to conduct or enhance the SCRA assessment and collaborate with the government to obtain access.
  • Contribute to development and evaluation of pre-acquisition vendor/supplier questionnaires.
  • Contribute to the development of CMS C-SCRM policies and procedures required to operate an agency wide program, while incorporating stakeholder buy-in and alignment.
  • Assist with development and implementation of cyber-related supplier risk event/incident responses.


  • Bachelor's degree in business administration, supply chain management, logistics, cybersecurity, information technology, or related field. Master's degree is preferred.
  • 6+ years' experience in supply chain risk. Specific focus on cyber supply chain management (C-SCRM) is preferred.
  • Familiarity with cybersecurity practices to integrate cybersecurity and C-SCRM.
  • Knowledge of commercially available C-SCRM tools and proficiency in analyzing ICT products/services and understanding both supply chain risk and cybersecurity frameworks and standards.
  • Good quantitative and analytical skills.
  • Demonstrated ability to use MS Office Suite to include Word, PowerPoint, and Excel.
  • Superior communication skills, both oral and written.
  • High energy, enthusiasm, tact, and the ability to interact effectively with senior executives from Government and industry.
  • Ability to create and foster a cooperative work environment.
  • Self-directed, detail oriented in completing assigned tasks, able to adapt to changing work efforts and manage impact of shifting priorities.
  • Availability for occasional travel.
  • This position requires an active security clearance at the TS/SCI level. You must be a US citizen.




LMI is an Equal Opportunity Employer. LMI is committed to the fair treatment of all and to our policy of providing applicants and employees with equal employment opportunities. LMI recruits, hires, trains, and promotes people without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, disability, age, protected veteran status, citizenship status, genetic information, or any other characteristic protected by applicable federal, state, or local law. If you are a person with a disability needing assistance with the application process, please contact accommodations@lmi.org
