Supply Chain Risk Management (SCRM) Analyst

About

This role focuses on identifying, analyzing, and managing cybersecurity, compliance, and operational risks across defense suppliers, with a strong emphasis on software and technology supply chains.

Responsibilities

• Identify and assess risks in defense suppliers, systems, and software components
• Evaluate vendors for cybersecurity posture, compliance, and reliability
• Ensure adherence to federal regulations (NIST 800-53, DFARS, FAR, NDAA restrictions, etc.)
• Monitor supplier environments for vulnerabilities, changes, and emerging risks
• Produce risk assessments, reports, and recommendations for leadership and stakeholders
• Collaborate with engineering, procurement, and security teams to mitigate identified risks
• Support improvements to the organization’s supply chain risk management framework and processes

Requirements

• U.S. citizen with active Secret clearance (TS eligibility required)
• Bachelor’s degree
• 3–5 years of experience in defense, cybersecurity, supply chain risk, or related fields
• Strong understanding of software supply chain security and defense industry compliance frameworks
• Familiarity with NIST 800-53, DFARS, FAR, and NDAA requirements
• Strong analytical, communication, and reporting skills

Company Description

GCR Professional Services is an engineering and information technology staffing firm (direct-hire, consultants, contract-to-hire).