Logistics Management Institute
Cyber Supply Chain Management Consultant
Logistics Management Institute, Baltimore, Maryland, United States, 21276
Cyber Supply Chain Management Consultant
LMI is seeking a skilled
Cyber Supply Chain Risk Management Policy, Strategy & Governance Lead
to work
hybridly
in
Woodlawn, MD.
Successful
Cyber Supply Chain Risk Management Policy, Strategy & Governance Leads
demonstrate competency in developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agency's supply chain and third-party vendors.LMI offers a generous compensation package with excellent benefits that start the first day of employment. Come join the #1 top ranked workplace by the Washington Post in 2021,
and 2024 Winner of Built In's Best Places to Work!Responsibilities
Responsibilities may include:Policy Creation and Governance :
Develop Comprehensive Cyber Supply Chain Risk Management Policies: Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors.Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development.Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA).
Policy Implementation and Enforcement :
Develop procedures to enforce compliance with established policies.Implement monitoring mechanisms to ensure adherence to policies and procedures.Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.
Continuous Improvement and Policy Updates :
Regularly review and update policies to address new threats and vulnerabilities.Gather feedback from stakeholders to improve policy effectiveness.Stay informed about industry best practices and regulatory changes to ensure policies remain current.
Risk Management Framework :
Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors.Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.Develop risk mitigation strategies and action plans to address identified vulnerabilities.Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.
Governance and Oversight :
Form and lead governance committees or working groups focused on third-party risk management.Develop governance structures to ensure clear roles, responsibilities, and accountability.Create and maintain third-party risk registers to document and track identified risks.Generate regular reports on the status of governance activities, including policy compliance and risk management efforts.Present findings and recommendations to senior leadership and relevant stakeholders.
Due Diligence and Onboarding :
Conduct thorough due diligence on potential vendors and third-party partners.Ensure security requirements are integrated into vendor selection and onboarding.Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
Qualifications
MINIMUM QUALIFICATIONS:15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.Minimum of 10 years of experience in policy creation, governance, and risk management in supply chain or third-party risk management.Strong knowledge of cybersecurity principles, risk management frameworks, and regulatory requirements (e.g., NIST, ISO 27001, GDPR).Experience developing and implementing risk management policies and governance frameworks.Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements.Excellent analytical, problem-solving, and communication skills.Ability to work independently and as part of a team in a fast-paced hybrid environment.Possess and maintain a current TS-SCI clearance.DESIRED SKILLSFamiliarity with supply chain management and federal acquisition procurement processes.Experience with governance, risk, and compliance (GRC) tools and software.Knowledge of emerging threats and trends in cybersecurity and supply chain risk management.
#J-18808-Ljbffr
LMI is seeking a skilled
Cyber Supply Chain Risk Management Policy, Strategy & Governance Lead
to work
hybridly
in
Woodlawn, MD.
Successful
Cyber Supply Chain Risk Management Policy, Strategy & Governance Leads
demonstrate competency in developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agency's supply chain and third-party vendors.LMI offers a generous compensation package with excellent benefits that start the first day of employment. Come join the #1 top ranked workplace by the Washington Post in 2021,
and 2024 Winner of Built In's Best Places to Work!Responsibilities
Responsibilities may include:Policy Creation and Governance :
Develop Comprehensive Cyber Supply Chain Risk Management Policies: Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors.Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development.Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA).
Policy Implementation and Enforcement :
Develop procedures to enforce compliance with established policies.Implement monitoring mechanisms to ensure adherence to policies and procedures.Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.
Continuous Improvement and Policy Updates :
Regularly review and update policies to address new threats and vulnerabilities.Gather feedback from stakeholders to improve policy effectiveness.Stay informed about industry best practices and regulatory changes to ensure policies remain current.
Risk Management Framework :
Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors.Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.Develop risk mitigation strategies and action plans to address identified vulnerabilities.Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.
Governance and Oversight :
Form and lead governance committees or working groups focused on third-party risk management.Develop governance structures to ensure clear roles, responsibilities, and accountability.Create and maintain third-party risk registers to document and track identified risks.Generate regular reports on the status of governance activities, including policy compliance and risk management efforts.Present findings and recommendations to senior leadership and relevant stakeholders.
Due Diligence and Onboarding :
Conduct thorough due diligence on potential vendors and third-party partners.Ensure security requirements are integrated into vendor selection and onboarding.Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
Qualifications
MINIMUM QUALIFICATIONS:15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.Minimum of 10 years of experience in policy creation, governance, and risk management in supply chain or third-party risk management.Strong knowledge of cybersecurity principles, risk management frameworks, and regulatory requirements (e.g., NIST, ISO 27001, GDPR).Experience developing and implementing risk management policies and governance frameworks.Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements.Excellent analytical, problem-solving, and communication skills.Ability to work independently and as part of a team in a fast-paced hybrid environment.Possess and maintain a current TS-SCI clearance.DESIRED SKILLSFamiliarity with supply chain management and federal acquisition procurement processes.Experience with governance, risk, and compliance (GRC) tools and software.Knowledge of emerging threats and trends in cybersecurity and supply chain risk management.
#J-18808-Ljbffr