Hybrid C-SCRM Policy and Governance Lead (Intelligence Analyst 5) - 20990
Date: Nov 2, 2024
Location: Woodlawn, MD, Maryland, United States
Company: HII's Mission Technologies division
Requisition Number: 20990
Required Travel: 0 - 10%
Employment Type: Full Time/Salaried/Exempt
Anticipated Salary Range: $118,635.00 - $169,000.00
Security Clearance: TS/SCI
Level of Experience: Senior HI
This opportunity resides with Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR), a business group within HII’s Mission Technologies division. From towers to processors, we design, develop, integrate and manage the sensors, systems and other assets necessary to support integrated intelligence, surveillance and reconnaissance (ISR) operations, exploitation and analysis for the Intelligence Community, the military services, geographic and functional combatant commands and DoD agencies.
Meet HII’s Mission Technologies Division
Our team of more than 7,000 professionals worldwide delivers all-domain expertise and advanced technologies in service of mission partners across the globe. Mission Technologies is leading the next evolution of national defense – the data evolution - by accelerating a breadth of national security solutions for government and commercial customers. Our capabilities range from C5ISR, AI and Big Data, cyber operations and synthetic training environments to fleet sustainment, environmental remediation and the largest family of unmanned underwater vehicles in every class. Find the role that’s right for you. Apply today. We look forward to meeting you.
To learn more about Mission Technologies, click here for a short video: https://vimeo.com/732533072
Who We Are
HII - Mission Technologies is seeking a Hybrid Cyber Supply Chain Risk Management (CSCRM) Governance Lead. This position will focus on developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agency's supply chain and third-party vendors. This role involves creating and maintaining a comprehensive cyber risk management framework, ensuring compliance with security standards and regulatory requirements, and overseeing governance processes to protect the organization’s assets and data. They will also work to develop and incorporate contract and acquisition policies with associated terms and conditions to ensure all agreements align with the agency's security standards and risk management objectives.
What You Will Do
Policy Creation and Governance:
Develop Comprehensive Cyber Supply Chain Policies:
• Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors.
• Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development.
• Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA).
Policy Implementation and Enforcement:
• Develop procedures to enforce compliance with established policies.
• Implement monitoring mechanisms to ensure adherence to policies and procedures.
• Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.
Continuous Improvement and Policy Updates:
• Regularly review and update policies to address new threats and vulnerabilities.
• Gather feedback from stakeholders to improve policy effectiveness.
• Stay informed about industry best practices and regulatory changes to ensure policies remain current.
Risk Management Framework:
Design and Maintain Risk Management Framework:
• Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors.
• Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.
• Develop risk mitigation strategies and action plans to address identified vulnerabilities.
Integrate Risk Management with Governance:
• Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.
• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.
Governance and Oversight:
Establish Governance Committees:
• Form and lead governance committees or working groups focused on third-party risk management.
• Develop governance structures to ensure clear roles, responsibilities, and accountability.
Develop and Maintain Risk Registers:
• Create and maintain third-party risk registers to document and track identified risks.
Monitor and Report on Governance Activities:
• Generate regular reports on the status of governance activities, including policy compliance and risk management efforts.
• Present findings and recommendations to senior leadership and relevant stakeholders.
Due Diligence and Onboarding:
• Conduct thorough due diligence on potential vendors and third-party partners.
• Ensure security requirements are integrated into vendor selection and onboarding.
• Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
Contract and Acquisition Policy Integration:
• Develop and incorporate security and risk management requirements into contract and acquisition policies.
• Ensure all vendor agreements and contracts include terms and conditions that align with the company’s security standards and risk management objectives.
• Review and update contract terms and conditions regularly to address evolving risks and regulatory requirements.
What We Are Looking For
- 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
- Minimum of 10 years of experience in policy creation, governance, and risk management in supply chain or third-party risk management.
- Strong knowledge of cybersecurity principles, risk management frameworks, and regulatory requirements (e.g., NIST, ISO 27001, GDPR).
- Experience developing and implementing risk management policies and governance frameworks.
- Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements.
- Excellent analytical, problem-solving, and communication skills.
- Ability to work independently and as part of a team in a fast-paced environment.
- Possess and maintain a current TS-SCI clearance.
Preferred: Bonus Points For...
- Familiarity with supply chain management and federal acquisition procurement processes.
- Experience with governance, risk, and compliance (GRC) tools and software.
- Knowledge of emerging threats and trends in cybersecurity and supply chain risk management.
- Relevant certifications (CISSP, CISM, CRISC, or CTPRP, etc.)
Physical Requirements
HII is more than a job - it’s an opportunity to build a new future. We offer competitive benefits such as best-in-class medical, dental and vision plan choices; wellness resources; employee assistance programs; Savings Plan Options (401(k)); financial planning tools, life insurance; employee discounts; paid holidays and paid time off; tuition reimbursement; as well as early childhood and post-secondary education scholarships. Bonus/other non-recurrent compensation is occasionally offered for qualified positions, and if applicable to this role will be addressed by the recruiter at the screening phase of application.
Why HII
We build the world’s most powerful, survivable naval ships and defense technology solutions that safeguard our seas, sky, land, space and cyber. Our diverse workforce includes skilled tradespeople; artificial intelligence, machine learning (AI/ML) experts; engineers; technologists; scientists; logistics experts; and business administration professionals.
Recognized as one of America’s top large company employers, we are a values and ethics driven organization that puts people’s safety and well-being first. Regardless of your role or where you serve, at HII, you’ll find a supportive and welcoming environment, competitive benefits, and valuable educational and training programs for continual career growth at every stage of your career.
Together we are working to ensure a future where everyone can be free and thrive.
Today’s challenges are bigger than ever, and the nation needs the best of us. It’s why we’re focused on hiring, developing and nurturing our diversity. We believe that diversity among our workforce strengthens the organization, stimulates creativity, promotes the exchange of ideas and enriches the work lives of all our employees.
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
Do You Need Assistance?
If you need a reasonable accommodation for any part of the employment process, please send an e-mail to buildyourcareer@hii-co.com and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case-by-case basis. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address. Additionally, you may also call 1-844-849-8463 for assistance. Press #3 for HII Mission Technologies.