Logo
Cherokee Nation Businesses

Cybersecurity SCRM SME III Task Lead

Cherokee Nation Businesses, Richmond, VA


Job Description

Cybersecurity SME/SCRM SME III Task Lead

This position requires the ability to obtain a Public Trust

We are seeking a highly skilled and experienced Cybersecurity Subject Matter Expert (SME) and Supply Chain Risk Management (SCRM) Task Lead to provide high-level expertise in the analysis, design, integration, and implementation of complex cybersecurity solutions. The successful candidate will play a critical role in managing and governing the organization's cybersecurity SCRM program, proactively addressing supply chain risks in compliance with federal regulations. The SME will lead efforts in security risk assessments, documentation updates, and integration of supply chain risk concepts into the Information Security Continuous Monitoring (ISCM) program. Additionally, the SME will be responsible for driving the development of a Cyber Workforce Training, Education, and Awareness Program.

Please Note: This position is for future needs. If you are interested in a future with Cherokee Federal, APPLY TODAY! We are accepting applications.

Compensation & Benefits:
  • Estimated Starting Salary Range for Cyber Security SME/SCRM SME III ask Lead: $160,000 to $167,000
  • Pay commensurate with experience.
  • Full time benefits include Medical, Dental, Vision, 401K and other possible benefits as provided. Benefits are subject to change with or without notice.

Cyber Security SME/SCRM SME III Task Lead Responsibilities Include:
  • Serve as a subject matter expert in cybersecurity with a focus on supply chain risk management (SCRM), providing strategic guidance on complex cybersecurity challenges.
  • Manage and govern the organization's cybersecurity SCRM program, ensuring adherence to federal regulations and frameworks, including NIST SP 800-53 Rev. 5.
  • Update and enhance existing SCRM procedures to incorporate current best practices and proactively manage supply chain risks from a cybersecurity perspective.
  • Identify and prioritize supply chain vendors based on risk levels, with assessments tied to the services and products provided by third-party vendors.
  • Conduct security risk assessments of third-party vendors, identifying gaps in compliance with security requirements and controls.
  • Integrate security-related SCRM concepts into the organization's Information Security Continuous Monitoring (ISCM) efforts, particularly as part of the transition to NIST SP 800-53 Rev. 5.
  • Address supply chain risks including untrustworthy suppliers, counterfeit insertion, tampering, unauthorized production, theft, malicious code, and poor manufacturing practices throughout the Software Development Life Cycle (SDLC).
  • Support the implementation of OMB M-22-18 and integrate the Secure Software Development Framework into the SDLC and ISCM.
  • Develop and establish a Cyber Workforce Training, Education, and Awareness Program, including the creation of certificate pathways and the definition of training requirements for key cybersecurity roles.
  • Ensure accountability for cybersecurity training, including tracking and supporting employees in obtaining industry certifications and academic credentials.
  • Provide support to the Information System Security Officer (ISSO) function, including developing strategies for centralizing the ISSO support function and assisting with the development of Authority to Operate (ATO) packages.
  • Prepare and deliver senior management presentations, briefings, and reports as required.
  • Performs other job-related duties as assigned


Cyber Security SME/SCRM SME III Task Lead Experience, Education, Skills, Abilities requested:
  • Bachelor's degree in Cybersecurity, Information Technology, or a related field.
  • Minimum 8 years of experience in cybersecurity, including substantial experience with supply chain risk management (SCRM) and cybersecurity program management.
  • Possesses IAT Level III certification (CISSP, CISM, or equivalent) or similar certifications in a relevant technical or management discipline.
  • Expert knowledge of NIST SP 800-53 Rev. 5, supply chain cybersecurity, and risk management frameworks.
  • Proven experience with Information Security Continuous Monitoring (ISCM) and supply chain security concepts.
  • Experience supporting or leading the ISSO function, including ATO package development.
  • Knowledge of federal regulations, including OMB M-22-18 and other supply chain risk management mandates.
  • Strong ability to conduct security risk assessments and identify gaps in security requirements.
  • Excellent communication skills, with the ability to prepare and deliver presentations to senior management.
  • Demonstrated experience managing complex projects and leading cross-functional teams
  • Experience with the Secure Software Development Framework (SSDF) and integrating it into organizational processes preferred.
  • Familiarity with software supply chain risks, including addressing issues such as counterfeit products and malicious code preferred.
  • Experience establishing and managing workforce training programs focused on cybersecurity roles preferred.
  • Past applicable job experience may include, but is not limited to: Cyber Security Subject Matter Expert (SME), Security Risk Management Lead, or Cybersecurity Project Manager
  • Must pass pre-employment qualifications of Cherokee Federal


Company Information:

Cherokee United Services (CUS) is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about CUS, visit cherokee-federal.com.

#CherokeeFederal #LI-DNI

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar job titles
  • Cyber Security Subject Matter Expert (SME)
  • Security Risk Management Lead
  • Cybersecurity Project Manager
  • Information Assurance Task Lead
  • Cyber Risk Assessment Specialist

Keywords
  • Risk Assessment
  • Security Compliance
  • Incident Response
  • Threat Mitigation
  • Vulnerability Management

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.

Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.