Logo
PKH Enterprises

Cybersecurity SCRM Analyst Job at PKH Enterprises in Washington

PKH Enterprises, Washington, DC, US


Job Description

Job Description

*This opportunity is remote with occasional meetings onsite, candidates must be in the National Capital Region

Job Title: Subject Matter Expert – Cyber Security – (Intermediate) / SCRM Analyst

Job Summary: We are seeking a highly knowledgeable and experienced Cybersecurity Subject Matter Expert (SME) and Supply Chain Risk Management (SCRM) Analyst to provide expert-level systems analysis, design, integration, and implementation advice on complex cybersecurity challenges, with a specific focus on managing supply chain risks. The successful candidate will contribute to all phases of study development, assist with SCRM program management efforts, and conduct security risk assessments of third-party vendors. Additionally, the Analyst will play a critical role in enhancing cybersecurity awareness through training programs and ensuring adherence to federal regulations, including NIST SP 800-53 Rev. 5 and OMB M-22-18.

Key Responsibilities:

  • Provide high-level analysis, design, and integration advice on complex cybersecurity challenges, particularly within the realm of supply chain risk management (SCRM).
  • Assist the SCRM Task Lead with managing and governing the organization’s cybersecurity SCRM program, ensuring that procedures are up-to-date and aligned with federal regulations.
  • Identify and categorize supply chain vendors into risk levels based on services and products provided and conduct thorough security risk assessments to identify gaps against security controls and requirements.
  • Develop and maintain a framework for proactively managing cybersecurity supply chain risks, addressing issues such as counterfeit insertion, tampering, unauthorized production, theft, and insertion of malicious code throughout the Software Development Life Cycle (SDLC).
  • Integrate SCRM concepts into the organization’s Information Security Continuous Monitoring (ISCM) program, as part of the transition to NIST SP 800-53 Rev. 5.
  • Support the implementation of OMB M-22-18 and assist in integrating the Secure Software Development Framework (SSDF) into the SDLC and ISCM processes.
  • Establish and contribute to a Cyber Workforce Training, Education, and Awareness Program, including the creation of certificate pathways for key cybersecurity roles, with a focus on setting training requirements and ensuring accountability.
  • Assist the customer in developing and maintaining a well-trained cybersecurity workforce that can achieve and maintain necessary industry certifications and academic credentials.
  • Support the Information System Security Officer (ISSO) function by assisting in the development of Authority to Operate (ATO) packages and strategizing ways to centralize the ISSO support function.
  • Prepare and deliver senior management presentations, reports, and briefings on the progress of cybersecurity initiatives, SCRM efforts, and workforce development.

Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • Minimum 5 years of experience in cybersecurity, with a focus on supply chain risk management (SCRM) and cybersecurity program management.
  • Possesses IAT Level II certification (e.g., CompTIA Security+, GIAC, or equivalent).
  • Strong understanding of NIST SP 800-53 Rev. 5, federal cybersecurity regulations, and supply chain risk management frameworks.
  • Experience conducting security risk assessments for third-party vendors and identifying compliance gaps.
  • Familiarity with the Information Security Continuous Monitoring (ISCM) process and the integration of SCRM concepts into cybersecurity frameworks.
  • Ability to manage complex projects and collaborate with cross-functional teams to achieve cybersecurity goals.
  • Experience supporting the ISSO function and developing ATO packages.
  • Strong written and verbal communication skills, with the ability to present complex technical information to both technical and non-technical audiences.

Preferred Skills:

  • Experience with Secure Software Development Framework (SSDF) and its integration into organizational processes.
  • Familiarity with the implementation of OMB M-22-18 and other federal cybersecurity regulations.
  • Proven track record of managing and maintaining cybersecurity workforce training programs, including certification tracking and development.

 

Company Description
PKH Enterprises (PKH) is a small, woman-owned professional services firm dedicated to helping clients address challenging policy and technology issues. The PKH team is comprised of professionals with varied backgrounds combining legal, policy and technical expertise and offers the services and experience of business process engineers, senior subject matter experts and certified project managers. Our diverse capabilities help our clients improve performance and achieve innovative solutions to their most complex business problems. Our clients turn to us as partners and trusted advisors, and depend on our ability to anticipate, recognize and address their specific needs. PKHE has a reputation for excellence and remains dedicated to generating successful results for tasks at all levels of project execution.

To all recruitment agencies: PKH Enterprises does not accept unsolicited agency resumes/CVs. PKH Enterprises is not responsible for any fees related to unsolicited resumes/CVs.

PKH Enterprises is an Equal Op

Company Description

PKH Enterprises (PKH) is a small, woman-owned professional services firm dedicated to helping clients address challenging policy and technology issues. The PKH team is comprised of professionals with varied backgrounds combining legal, policy and technical expertise and offers the services and experience of business process engineers, senior subject matter experts and certified project managers. Our diverse capabilities help our clients improve performance and achieve innovative solutions to their most complex business problems. Our clients turn to us as partners and trusted advisors, and depend on our ability to anticipate, recognize and address their specific needs. PKHE has a reputation for excellence and remains dedicated to generating successful results for tasks at all levels of project execution.\r\n\r\nTo all recruitment agencies: PKH Enterprises does not accept unsolicited agency resumes/CVs. PKH Enterprises is not responsible for any fees related to unsolicited resumes/CVs.\r\n\r\nPKH Enterprises is an Equal Op