SCRM / Emerging Technology Security Analyst
B&T Solutions LLC
About the role
We are seeking an SCRM / Emerging Technology Security Analyst to support a Washington, DC-based contract opportunity. This role will support cybersecurity supply chain risk management, emerging technology security reviews, third-party risk analysis, technology risk assessments, and integration of supply chain security activities into broader risk and compliance processes.
The ideal candidate will have experience supporting supply chain risk management, vendor risk reviews, technology assessments, cybersecurity compliance, and risk reporting. This individual will work with cybersecurity, procurement, legal, privacy, compliance, architecture, engineering, and business stakeholders to assess and document risks associated with vendors, software, hardware, cloud services, managed services, and emerging technologies.
Responsibilities
- Support Supply Chain Risk Management activities for vendors, third-party providers, software, hardware, cloud services, managed services, and emerging technologies.
- Conduct cybersecurity risk assessments for new and existing technologies, products, platforms, services, and vendor solutions.
- Review vendor security documentation, questionnaires, compliance artifacts, architecture information, and technical evidence.
- Analyze supply chain risks related to software dependencies, hardware components, cloud services, managed service providers, open-source software, and external technology providers.
- Support emerging technology security reviews for artificial intelligence, automation tools, cloud-native services, IoT, operational technology, and other technology initiatives.
- Identify security risks, compliance gaps, data protection concerns, and control weaknesses.
- Coordinate with procurement, legal, privacy, cybersecurity, compliance, architecture, engineering, and business stakeholders.
- Document risk findings, mitigation recommendations, compensating controls, exceptions, and risk acceptance decisions.
- Maintain tracking records for vendor risks, technology risks, remediation actions, and risk decisions.
- Prepare risk reports, trend analysis, dashboards, assessment summaries, and stakeholder briefing materials.
- Support audit readiness and compliance reporting related to supply chain risk management and third-party security.
Qualifications
- Experience in cybersecurity, supply chain risk management, third-party risk management, vendor risk, governance, risk, compliance, security assessment, or technology risk.
- Understanding of cybersecurity supply chain risks, vendor risk management, third-party reviews, and technology risk assessment processes.
- Ability to assess security risks related to software, hardware, cloud services, managed services, emerging technologies, and external providers.
- Experience reviewing security questionnaires, vendor documentation, compliance reports, policies, procedures, architecture diagrams, or technical evidence.
- Ability to identify control gaps, document findings, recommend mitigations, and support risk acceptance processes.
- Strong written communication, documentation, analytical, research, and stakeholder coordination skills.
Preferred Certifications
Candidates should possess or be working toward a relevant cybersecurity, risk management, compliance, audit, supply chain risk, or security operations certification. Preferred certifications include:
- Security+
- CISSP
- CISA
- CISM
- CRISC
- Certified Third Party Risk Professional
- Certified Third Party Risk Assessor
- GSEC
- GCCC
- ITIL Foundation
- Relevant cloud security, privacy, audit, risk, or governance certifications
Preferred Experience
- Experience supporting government, public sector, or regulated cybersecurity environments.
- Familiarity with NIST, FISMA, FedRAMP, CISA guidance, CIS Controls, ISO 27001, SOC 2, or similar frameworks.
- Experience with software supply chain security, SBOM concepts, open-source software risk, vendor dependency risk, and secure software development.
- Experience reviewing SaaS platforms, cloud service providers, managed service providers, enterprise software, and infrastructure vendors.
- Familiarity with GRC, third-party risk, procurement, and workflow tools such as ServiceNow, Archer, OneTrust, ProcessUnity, Prevalent, Jira, or SharePoint.
Benefits
- Flexible schedule
- Paid time off
Work Location
Hybrid remote in Washington, DC 20586