Cybersecurity Supply Chain Risk Management Subject Matter Expert (Anticipated Position)

Arlington, VA, USA
In-Office
Mid level
Professional Services • Security • Analytics • Consulting
The Role
Provide subject-matter expertise to mature GSA's Cybersecurity Supply Chain Risk Management program by assessing current practices, improving risk assessments and questionnaires, developing frameworks, strategies, SOPs, and scoring methodologies, integrating C-SCRM into acquisition, advising on NIST SP 800-161 and emerging risks, and producing executive-ready deliverables.
Summary Generated by Built In
Location:
Remote / virtual support, aligned to Eastern Time core hours

Clearance Required:
Active Top Secret clearance with SCI eligibility

Position Summary:
The C-SCRM Subject Matter Expert will support GSA FAS/ASD in maturing its Cybersecurity Supply Chain Risk Management program from a compliance-focused model to a proactive, risk-informed enterprise capability. The SME will assess current C-SCRM practices, improve documentation and risk assessment processes, support strategy development, recommend scoring methodologies, develop practical C-SCRM guides, and advise stakeholders on cybersecurity, supplier risk, acquisition risk, and emerging technology considerations.

Key Responsibilities:
  • Lead assessment of current C-SCRM documentation practices and recommend standardized templates, naming conventions, version control practices, and collaboration processes
  • Review current vendor risk assessment processes covering supplier ownership, foreign influence, cybersecurity posture, product or service criticality, supply chain dependencies, and prohibited source risks
  • Develop recommendations for improving consistency, repeatability, accuracy, and usefulness of C-SCRM risk assessments
  • Review existing C-SCRM questionnaires and recommend improvements to question clarity, evidence collection, applicability, scoring, and risk-informed decision support
  • Develop or support development of a standardized C-SCRM Risk Assessment Framework
  • Support development of a C-SCRM Strategy and Implementation Plan, including priorities, governance approach, maturity objectives, roadmap, milestones, dependencies, and responsible parties
  • Assist with planning, coordination, tracking, and execution of C-SCRM projects
  • Develop C-SCRM guides, standard operating procedures, frameworks, briefings, and other written deliverables as requested
  • Support integration of C-SCRM into acquisition processes and stakeholder workflows
  • Provide expert analysis related to NIST SP 800-161, cybersecurity risk management, enterprise risk management, acquisition assurance, supplier risk, and emerging cybersecurity requirements
  • Support monthly status reporting, technical meetings, deliverable reviews, and Government stakeholder engagement
  • Work with minimal direction and produce executive-ready written products
Required Qualifications:
  • Minimum 3 years of experience establishing or supporting risk management programs, including C-SCRM
  • Demonstrated experience across the PWS task areas, including C-SCRM documentation, vendor risk assessment, questionnaire/scoring methodology, strategy development, and guide development
  • High-level cybersecurity or risk management certification, such as CISSP, CISM, or CRISC
  • Active Top Secret clearance with SCI eligibility
  • Strong knowledge of NIST SP 800-161, cybersecurity supply chain risk management, federal acquisition risk, and cyber risk frameworks
  • Strong written and oral communication skills
  • Ability to work independently with senior Government stakeholders
Preferred Qualifications:
  • Experience supporting GSA, DHS, DoD, IC, or other federal cybersecurity or acquisition programs
  • Experience with Section 889, FASCSA, supplier risk, foreign ownership/control/influence concerns, prohibited source analysis, or acquisition assurance
  • Experience developing federal SOPs, implementation plans, risk frameworks, scoring rubrics, stakeholder guides, and executive briefings
  • Familiarity with AI-enabled risk management, automation, post-quantum cryptography planning, continuous monitoring, and enterprise C-SCRM maturity models


The Company
88 Employees
Year Founded: 2008

What We Do

Navanti Group is an applied analytics firm dedicated to delivering real-time insight into economic, political, and security trends in complex and conflict-affected environments. Utilizing primary research and open-source analysis, they provide on-demand analytical reports to support clients, including U.S. government agencies, across Africa, the Arabian Peninsula, Central Asia, the Levant, and Eastern Europe to enable informed decision-making and strategic interventions.
