LMI is seeking a skilled Cyber Supply Chain Risk Management Policy, Strategy & Governance Lead. Successful Cyber Supply Chain Risk Management Policy, Strategy & Governance Leads demonstrate competency in developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agency's supply chain and third-party vendors. This is a hybrid work opportunity, with 1-2 days per week expected on client site in Woodlawn, MD.
LMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established in 1961, LMI is a trusted third party to federal civilian and defense agencies, free of commercial and political bias. We operate completely free of political and commercial bias, and we are entirely aligned with the goals of our clients. Our clients value our specialized services in logistics, intelligence, homeland security, health care, and energy and environment markets. We believe government can make a difference, and we seek talented, hardworking people who share that conviction.
LMI offers a generous compensation package with excellent benefits that start the first day of employment. Business casual dress, flex time, and tuition reimbursement are a few of our many work-life benefits available to our employees. Come join an organization consistently ranked as a tope workplace!
Responsibilities may include:
Policy Creation and Governance:
Develop Comprehensive Cyber Supply Chain Risk Management Policies:
• Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors.
• Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development.
• Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA).
Policy Implementation and Enforcement:
• Develop procedures to enforce compliance with established policies.
• Implement monitoring mechanisms to ensure adherence to policies and procedures.
• Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.
Continuous Improvement and Policy Updates:
• Regularly review and update policies to address new threats and vulnerabilities.
• Gather feedback from stakeholders to improve policy effectiveness.
• Stay informed about industry best practices and regulatory changes to ensure policies remain current.
Risk Management Framework:
Design and Maintain Risk Management Framework:
• Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors.
• Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.
• Develop risk mitigation strategies and action plans to address identified vulnerabilities.
Integrate Risk Management with Governance:
• Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.
• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.
Governance and Oversight:
Establish Governance Committees:
• Form and lead governance committees or working groups focused on third-party risk management.
• Develop governance structures to ensure clear roles, responsibilities, and accountability.
• Develop and Maintain Risk Registers: Create and maintain third-party risk registers to document and track identified risks.
Monitor and Report on Governance Activities:
• Generate regular reports on the status of governance activities, including policy compliance and risk management efforts.
• Present findings and recommendations to senior leadership and relevant stakeholders.
Due Diligence and Onboarding:
• Conduct thorough due diligence on potential vendors and third-party partners.
• Ensure security requirements are integrated into vendor selection and onboarding. Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
MINIMUM QUALIFICATIONS:
DESIRED SKILLS
#LI-SH1
Software Powered by iCIMS
www.icims.com