Everforth ECS is seeking a Supply Chain Risk Management Audit Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Supply Chain Risk Management Audit Analyst supports WDP's enterprise SCRM program by conducting structured, evidence-based security assessments of third-party vendor documentation and audit artifacts across classified and unclassified environments. This role directly strengthens WDP's mission assurance posture by evaluating vendor compliance, surfacing supply chain risk conditions, and maintaining audit-ready evidence packages that support RMF authorization decisions and government oversight requirements across the full WDP software and services portfolio.
• Performs detailed supply chain security review activities supporting DoW information systems across unclassified and classified environments.
• Conducts structured analysis of third-party vendor security documentation, evaluating cybersecurity controls, governance practices, and risk management approaches against DoW and federal requirements.
• Reviews independent audit artifacts including SOC reports, ISO certifications, penetration test summaries, and vendor attestations to assess adequacy of security safeguards and control implementation.
• Validates vendor responses to security questionnaires, due diligence requests, and contractual security clauses, identifying gaps, inconsistencies, and residual risk conditions.
• Coordinates with Supply Chain Risk Management leadership, contracting personnel, system owners, and cybersecurity teams to document findings and support remediation planning.
• Tracks vendor security deficiencies, corrective actions, and closure status within risk registers, assessment repositories, and continuous monitoring dashboards.
• Prepares assessment summaries, deficiency reports, and supporting documentation for Risk Management Framework activities, authorization decisions, and leadership briefings.
• Maintains organized evidence packages within SharePoint and approved document management systems to support audits and inspections.
• Monitors emerging supply chain threats, government advisories, and policy updates to inform assessment criteria and review focus areas.
• Contributes to improved third-party risk visibility, stronger vendor accountability, and sustained mission assurance while reinforcing program values of diligence, transparency, consistency, and disciplined risk oversight.
• Performs other duties as assigned.
• Current Secret security clearance.
• A minimum of 3 years of experience in supply chain risk management, third-party security assessment, cybersecurity compliance, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated ability to evaluate vendor security documentation and produce audit-ready assessment artifacts in support of RMF authorization activities.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).