Job Description
Who We Are: The Purchasing Program Compliance Group's Cybersecurity Office is responsible for vetting vendors for cybersecurity compliance, and ensuring that all procurement processes align with federal CMMC requirements. This position requires strong communication skills, problem-solving abilities, and a deep understanding of supply chain management and cybersecurity regulations. Objectives of this Role: Associate Specialist/Specialist position to perform supply chain cybersecurity risk management and ensure supply chain compliance with government cybersecurity requirements. Monitor cybersecurity surveys, review files produced for audit, and assist with training the Purchasing Department and technical division staff. Ensure effective supply chain cyber risk management in accordance with internal and regulatory requirements. Oversee Supply Chain Cybersecurity Compliance to ensure alignment with Federal Government requirements, including Supply Chain Cyber Risk Management (SCRM). Manage and monitor the entire SCRM lifecycle, identify, mitigate, and document risk throughout the process. Attend/ participate in meetings, incl. virtual, conferences, and working groups related to the Cybersecurity Maturity Model Certification (CMMC) and other Federal Government cybersecurity requirements. Help develop and maintain policies and procedures and other process documents. Contribute to increasing awareness of supply chain cyber risk management through training for Purchasing and non-Purchasing staff. Continuously monitor suppliers to ensure compliance, identify issues, and work with suppliers and internal stakeholders to manage timely remediation. Daily and Monthly Responsibilities: Submit surveys to suppliers to determine compliance with Federal Government cybersecurity requirements. Receive, analyze, and interpret supplier survey responses. Communicate survey results to stakeholders and management as needed. Regularly monitor and stay updated on CMMC rules and regulations, while providing training and guidance to purchasing and technical staff to ensure compliance and understanding. Draft contract language as needed to ensure compliance, and maintain standard language approved by Legal in a central repository. Support DCMA cybersecurity assessments of Purchasing processes, and help develop corrective action plans in the event of findings. Perform daily administrative tasks to document and maintain Purchasing Cybersecurity vendor records, ensuring vendor compliance statuses are accurate, organized, and audit-ready for both internal and external reviews. Develop a deep understanding of the risk landscape for supply chain cybersecurity, and gain a good understanding of how to prioritize and protect against these threats from a procurement standpoint through approved training and online research. Other duties as assigned. Requirements: Requires a Bachelors degree in Supply Chain Management, Business Administration, Cybersecurity, or a related field. 1-5 years: Exceptional organizational skills, with the ability to manage multiple priorities in a fast-paced environment. Strong problem-solving skills with a proactive, detail-oriented approach to mitigating supply chain risks. Excellent written and verbal communication skills. 1-5 years: Proven ability to work collaboratively with cross-functional teams, leveraging strong interpersonal skills to build relationships, facilitate teamwork, and drive successful outcomes in a dynamic and fast-paced environment. Proven ability to design and conduct effective training. 1-5 years: Must have advanced skills Microsoft Office Suite (Excel, Word, PowerPoint, Outlook, and Teams), with advanced skills in Excel (e.g., pivot tables, VLOOKUP, and data analysis) as well as experience in Adobe Acrobat, with strong skills in creating, editing, and formatting. A valid/clear driver's license is required.