Vigor Industrial

Cybersecurity Supply Chain Risk Management Analyst

Vigor Industrial, Portland, Oregon, United States, 97204


Who We Are

Vigor, a Titan Company, is a values-driven, diversified industrial business operating in six locations with approximately 1,800 people in Oregon, Washington and Alaska. Built around a collection of powerful, unique assets and differentiated capabilities, Vigor excels at specialized shipbuilding, ship repair and handling important, complex projects in support of energy generation, our nation's infrastructure and national defense.

With deep respect for people and the planet, Vigor strives to be a positive, regenerative force for good - environmentally, in the lives of our employees and in the community. We have built a positive culture that honors the work we do, the workers who do it, and the world we live in.

POSITION SUMMARY:

As a Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst, you will be a key member of the Information Security team, reporting directly to the Information Security Director. Your primary responsibility will be to coordinate and conduct evaluations of Supply Chain vendor cyber risk management through the review of vendor cybersecurity questionnaire responses and interaction with Supply Chain vendors. You will work at the enterprise level, overseeing Supply Chain contractual and regulatory flow-downs across our multiple companies. Additionally, you will be building out a program to support our vendors that may need assistance with becoming compliant with NIST 800-171/CMMC and will provide them industry best practices. You will also monitor their cyber compliance posture under a centralized Supply Chain Risk Management Plan that you will develop, implement and manage.

ESSENTIAL FUNCTIONS AND MAJOR RESPONSIBILITIES:

- Coordinate the review of vendor cybersecurity questionnaire responses.
- Conduct vendor interviews to identify posture and progress in relation to NIST SP 800-171 / CMMC compliance, document responses in the ERP system, and provide risk recommendations related to the sharing of Controlled Unclassified Information (CUI).
- Develop and implement the program to support supply chain vendors needing assistance with compliance.
- Develop and manage the Supply Chain Risk Management Plan in accordance with NIST SP 800-171r3 regulatory requirements.

Core Competencies:

- Understand the requirements of, and have worked with, NIST SP 800-171 / CMMC and able to articulate requirements and evaluate vendor postures.
- Identify cybersecurity deficiencies, develop compliant risk mitigation strategies and effectively convey them to vendors.
- Evaluate, contribute to and technically write IT and Information Security governance.
- Stay informed on the latest security threats and recommend improvements to enterprise and vendor postures.
- Collaborate with colleagues, manage projects independently, and prioritize risk reduction efforts.

JOB SCOPE:

You will operate within general parameters but must exercise sound judgment and independent decision-making. This role includes the responsibility to oversee the implementation of Information Security measures in line with established government and contract mandates.

KNOWLEDGE SKILLS AND ABILITIES:

- Familiarity with modern adversary tactics, cyber threat mitigation strategies and emerging security technologies.
- Understand and deliver best practice procedures and appropriate mitigating or remediating controls.
- Ability to perform technical security assessments of large, complex systems.
- Self-motivated with ability to operate independently and to adapt to a dynamic operating environment.
- Strong interpersonal skills for effective collaboration with customers, employees, and management.

EDUCATION AND/OR EXPERIENCE:

- U.S. Citizenship.
- Experience with implementing, evaluating and/or auditing NIST 800-171/CMMC required.
- Role is hybrid in the greater Portland, Oregon area. Candidate must reside in Oregon or Washington. Travel may occur up to 10%.
- 5 years of experience with a Bachelor's degree in Computer Science, Engineering, Information Technology, Cybersecurity or equivalent, or 10 years of related technical experience (required).
- 3+ years of experience in Information Security.
- Experience contributing to Information Security solutions, scope, and architecture.
- Significant experience with Information Security technologies, including vulnerability scanning tools, SIEMs, endpoint protection tools, DLP, and IDS/IPS tools.

CERTIFICATES, LICENSES AND REGISTRATIONS:

In accordance with DoDD 8140.01, candidate must possess at least one active qualifying professional certification for compliance with IAT Level III at time of hire.

Vigor Values:

Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.

- Truth: We seek the truth, and we speak the truth.
- Responsibility: We act on what we know is right.
- Evolution: We seek mastery, and adapt to a changing world.
- Love: We care about the people we work with, and the world we live in.

At Vigor we offer a generous benefits package that includes:

- Medical
- RX
- Dental
- Vision
- Life
- AD&D
- LTD
- STD
- EAP
- Discretionary bonus
- Tuition Reimbursement
- FSA (Medical, Childcare, Transportation)
- 10 paid holidays
- PTO
- 401(k)

Vigor and its wholly owned subsidiaries provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veterans, age, disability or genetics. In addition to federal law requirements, Vigor complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, benefits, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
