ECS

Supply Chain Risk Management Audit Analyst

$80K — $110K *
Aerospace & Defense
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Minimum 3 years in supply chain risk management or related field
  • Current Secret security clearance
  • Active IAM Level I certification (e.g., CompTIA Security+ CE)
  • Proficient in evaluating vendor security documentation and audit artifacts
  • Strong problem-solving and decision-making skills
  • Excellent interpersonal and communication abilities

Responsibilities

  • Conduct detailed security reviews of supply chain processes for unclassified and classified environments
  • Analyze third-party vendor security documentation for compliance with DoW and federal standards
  • Review independent audit artifacts like SOC reports and ISO certifications
  • Validate vendor responses to security questionnaires and identify gaps
  • Coordinate with various stakeholders for documentation and remediation efforts
  • Track vendor security deficiencies and monitor progress
  • Prepare assessment summaries and reports for Risk Management processes

Benefits

  • Opportunities for professional development and growth
  • Supportive work environment focusing on mission assurance
  • Access to advanced resources in cybersecurity and risk management
  • Collaboration with high-level government and military stakeholders
  • Potential for impactful work within national defense initiatives

Full Job Description

The Supply Chain Risk Management Audit Analyst supports WDP's enterprise SCRM program by conducting structured, evidence-based security assessments of third-party vendor documentation and audit artifacts across classified and unclassified environments. This role directly strengthens WDP's mission assurance posture by evaluating vendor compliance, surfacing supply chain risk conditions, and maintaining audit-ready evidence packages that support RMF authorization decisions and government oversight requirements across the full WDP software and services portfolio.
• Performs detailed supply chain security review activities supporting DoW information systems across unclassified and classified environments.
• Conducts structured analysis of third-party vendor security documentation, evaluating cybersecurity controls, governance practices, and risk management approaches against DoW and federal requirements.
• Reviews independent audit artifacts including SOC reports, ISO certifications, penetration test summaries, and vendor attestations to assess adequacy of security safeguards and control implementation.
• Validates vendor responses to security questionnaires, due diligence requests, and contractual security clauses, identifying gaps, inconsistencies, and residual risk conditions.
• Coordinates with Supply Chain Risk Management leadership, contracting personnel, system owners, and cybersecurity teams to document findings and support remediation planning.
• Tracks vendor security deficiencies, corrective actions, and closure status within risk registers, assessment repositories, and continuous monitoring dashboards.
• Prepares assessment summaries, deficiency reports, and supporting documentation for Risk Management Framework activities, authorization decisions, and leadership briefings.
• Maintains organized evidence packages within SharePoint and approved document management systems to support audits and inspections.
• Monitors emerging supply chain threats, government advisories, and policy updates to inform assessment criteria and review focus areas.
• Contributes to improved third-party risk visibility, stronger vendor accountability, and sustained mission assurance while reinforcing program values of diligence, transparency, consistency, and disciplined risk oversight.
• Performs other duties as assigned.
• Current Secret security clearance.
• A minimum of 3 years of experience in supply chain risk management, third-party security assessment, cybersecurity compliance, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated ability to evaluate vendor security documentation and produce audit-ready assessment artifacts in support of RMF authorization activities.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC2 CAP, ISC2 SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Size: 2,000 employees