Everforth ECS is seeking a Supply Chain Risk Management Audit Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Supply Chain Risk Management Audit Analyst supports WDP's enterprise SCRM program by conducting structured, evidence-based security assessments of third-party vendor documentation and audit artifacts across classified and unclassified environments. This role directly strengthens WDP's mission assurance posture by evaluating vendor compliance, surfacing supply chain risk conditions, and maintaining audit-ready evidence packages that support RMF authorization decisions and government oversight requirements across the full WDP software and services portfolio.
• Performs detailed supply chain security review activities supporting DoW information systems across unclassified and classified environments.
• Conducts structured analysis of third-party vendor security documentation, evaluating cybersecurity controls, governance practices, and risk management approaches against DoW and federal requirements.
• Reviews independent audit artifacts including SOC reports, ISO certifications, penetration test summaries, and vendor attestations to assess adequacy of security safeguards and control implementation.
• Validates vendor responses to security questionnaires, due diligence requests, and contractual security clauses, identifying gaps, inconsistencies, and residual risk conditions.
• Coordinates with Supply Chain Risk Management leadership, contracting personnel, system owners, and cybersecurity teams to document findings and support remediation planning.
• Tracks vendor security deficiencies, corrective actions, and closure status within risk registers, assessment repositories, and continuous monitoring dashboards.
• Prepares assessment summaries, deficiency reports, and supporting documentation for Risk Management Framework activities, authorization decisions, and leadership briefings.
• Maintains organized evidence packages within SharePoint and approved document management systems to support audits and inspections.
• Monitors emerging supply chain threats, government advisories, and policy updates to inform assessment criteria and review focus areas.
• Contributes to improved third-party risk visibility, stronger vendor accountability, and sustained mission assurance while reinforcing program values of diligence, transparency, consistency, and disciplined risk oversight.
• Performs other duties as assigned.
• Current Secret security clearance.
• A minimum of 3 years of experience in supply chain risk management, third-party security assessment, cybersecurity compliance, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated ability to evaluate vendor security documentation and produce audit-ready assessment artifacts in support of RMF authorization activities.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Skills Required
- 3 years of experience in supply chain risk management or cybersecurity compliance
- Current Secret security clearance
- Active IAM Level I certification
ECS Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.
-
Healthcare Strength — ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
-
Retirement Support — A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
-
Parental & Family Support — Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.
ECS Insights
What We Do
ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.
