Cyber-Supply Chain Risk Management (C-SCRM) SME Analyst

This Department of War enterprise data and analytics program delivers mission‑critical capabilities that enable leaders across the Department to make faster, better‑informed decisions using trusted data at scale. Leidos Digital Modernization sector seeks an experienced SCRM Analyst SME to support the delivery, enhancement, and adoption of enterprise data and analytics products used across multiple DoD organizations. The role works alongside government partners, engineers, and industry teammates to translate operational and strategic requirements into scalable, production‑ready solutions. Primary Responsibilities Conduct comprehensive Cyber Supply Chain Risk Assessments on systems, products, and suppliers to identify vulnerabilities, foreign influence, and compliance gaps. Monitor program adherence to all applicable supply‑chain policies, federal regulations, Executive Orders, and Office of Management and Budget (OMB) memorandums. Ensure continuous compliance with National Institute of Standards and Technology (NIST) guidelines and statutory requirements such as NDAA Section 889 Parts A and B. Provide risk findings and mitigation recommendations to leadership to safeguard the integrity, security, and reliability of the supply chain. Provide subject matter expertise in DoD Supply Chain Risk Management (SCRM) to implement, expand, and mature an end‑to‑end SCRM program. Support the development and continued refinement/updates of Mission Assurance policy. Produce and present briefings of findings and prepare minutes, after‑action reports, trip reports, and other required documentation. Support SCRM commercial assessments of networks, network availability, and relevant hardware to protect DoD's mission‑critical functions. Capture specific information from the PMO and submit that information as a Request for Information (RFI) to the appropriate entity to support SCRM Counter‑Intelligence (CI) risk‑management analysis. Gather requirements and develop SCRM RFIs. Project‑manage the SCRM Threat Analysis Center (TAC) RFI queue (informal inquiries, quick‑turn reports, formal TAC RFIs). Support implementation of SCRM processes and policies. Support periodic collection of SCRM internal process metrics in accordance with SCRM SOPs/CONOPS. Support the implementation of the SCRM program strategy and associated training, procedures, and other support related to supply‑chain risk management. Conduct evaluations and prepare reports detailing potential foreign influence or threats to DoD supply chains. Prepare risk‑assessment products in accordance with guidance from the Government Program lead, following SCRM SOPs and CONOPS. Maintain active lines of communication with the MA/SCRM liaison at the Government. Integrate with the ConMon dashboard to ensure visibility of FOCI, SBOM, and attestations. Basic Qualifications Top Secret clearance with SCI eligibility. Bachelor’s degree and 12+ years of experience; or equivalent experience in lieu of a degree. Knowledge of DoD SCRM standards, including DoDI 5200.44, NIST 800‑161, and NIST 800‑53A. Demonstrated ability to communicate with senior government customers and influence across multiple organizational levels. Experience developing SBOM and HBOM analyses and in end‑to‑end cyber supply‑chain risk assessment. Proficiency with GRC tools such as eMASS and general cybersecurity experience. Fundamental project‑management skills. In‑depth analysis of C‑SCRM, Zero Trust capabilities, infrastructure, and architecture. 8+ years of team and/or operational leadership experience. 10+ years of experience in USG cyber risk management, assessments and authorizations (A&A), and use of NIST Special Publications (e.g., SP‑800‑30, SP‑800‑37, SP‑800‑53). 10+ years of experience designing and engineering enterprise IT solutions within the USG using NIST SP suites (e.g., SP‑800‑60, SP‑800‑64, etc.). Certifications in cybersecurity (e.g., Security+, CISM). Preferred: Certifications such as CISSP, CISM, ERAI, or CASP. Preferred Qualifications Active TS/SCI clearance. Master’s degree in supply‑chain management, engineering, cybersecurity, or another technical discipline. Project Management experience or PMP certification. Experience with core Systems Engineering disciplines (Requirements, Schedule, Risk, Readiness, System Closure). Commitment and Diversity All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws. Pay Range: 131,300–237,350USD. Compensation includes base salary plus health and wellness programs, income protection, paid leave, and retirement benefits. #J-18808-Ljbffr Leidos LLC