ASRC Federal is seeking a Cybersecurity Supply Chain Risk Management to join our team at DMDC. In this critical role, you will oversee the development and maintenance of a Software Bill of Materials (SBoM) to ensure the organization’s software supply chain complies with cybersecurity standards. You will lead the implementation and management of the Sonatype SBoM tool, perform regular software security scans, and collaborate with key stakeholders to mitigate risks associated with software dependencies and supply chain vulnerabilities. This position will require collaboration across multiple teams to ensure the security and compliance of the software supply chain and the ongoing management of supply chain risks. The ideal candidate will have strong expertise in supply chain cybersecurity, vendor management, and risk mitigation strategies.
Key Responsibilities:
Develop and maintain a comprehensive Software Bill of Materials (SBoM) for the organization. Implement and manage the Sonatype SBoM tool, ensuring accurate tracking of software components. Perform regular analysis of SBoM scans, ensuring secure integration of software libraries and dependencies. Collaborate with legal and compliance teams to ensure open-source software adheres to licensing requirements. Lead supply chain risk management efforts, ensuring unauthorized or risky software components are not integrated into systems. Work with program owners to guide decisions on software integration and migration, such as transitioning frameworks (e.g., Angular to Spring). Develop and maintain a risk register for supply chain risks, identifying critical suppliers and high-risk areas. Establish and enforce security controls, policies, and procedures to mitigate supply chain risks. Lead efforts to implement risk mitigation strategies, including vendor audits and continuous monitoring. Conduct due diligence of suppliers, ensuring adherence to cybersecurity standards and best practices. Manage relationships with vendors, focusing on improving supply chain resilience and resolving cybersecurity issues. Support audits and maintain documentation related to supply chain cybersecurity compliance. Stay informed on the latest regulations and best practices in supply chain cybersecurity and integrate them into organizational processes. Required Qualifications: Active secret clearance is required Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field. Equivalent work experience may be considered. Demonstrate and maintain knowledge to meet DOD 8140 requirements through education, training, or personnel certification such as but not limited to an active DoD 8570 IA baseline security certification 8+ years of experience in information technology/cybersecurity operations Experience with supply chain risk management in the context of software development and cybersecurity. Familiarity with Sonatype tools and SBoM concepts. Strong understanding of open-source software licensing models and compliance Familiarity with supply chain technologies and their potential cybersecurity risks. Knowledge of cybersecurity practices, especially in a DoD context