ECS

Supply Chain Risk Management Lead

ECS$120K — $150K *
Aerospace & Defense
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 15+ years' progressive experience in cybersecurity with a focus on Supply Chain Risk Management or related areas.
  • Current Secret clearance, must obtain Top Secret clearance with SCI access.
  • Active DoD IAM Level I certification (e.g., CompTIA Security+ CE, ISC² CAP).
  • Experience in creating and managing Software Bill of Materials (SBOM) documentation across complex software platforms.
  • Proven experience embedding supply chain security requirements into procurement and contracting processes.
  • Familiarity with Risk Management Framework authorization activities and tools like eMASS or Xacta.
  • Strong interpersonal and communication skills for engaging with diverse stakeholders.

Responsibilities

  • Lead the Supply Chain Risk Management strategy for the War Data Platform initiative.
  • Design and implement governance frameworks for managing third-party and software risk across various environments.
  • Execute vendor security assessments to ensure compliance with federal cybersecurity standards.
  • Oversee software supply chain reviews to identify vulnerabilities in suppliers and components.
  • Coordinate with legal, contracting, and system teams to integrate security into procurement actions.
  • Maintain comprehensive risk registers and document mitigation strategies for third-party threats.
  • Provide expert advisory support to senior officials on emerging risks and mitigation strategies.

Benefits

  • Opportunity to work on a key initiative within the U.S. Department of War’s AI-First strategy.
  • Engage with advanced cybersecurity frameworks and tools.
  • Contribute to national security by enhancing supply chain resilience.
  • Collaborative work with senior leadership and diverse teams across defense operations.
Full Job Description
Everforth ECS is seeking a Supply Chain Risk Management Lead to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
• The Supply Chain Risk Management (SCRM) Lead SME serves as the senior enterprise authority for software and vendor supply chain risk governance across the WDP Core Integration program, directing the full lifecycle of third-party risk identification, assessment, mitigation, and reporting across NIPRNet, SIPRNet, and JWICS environments in compliance with DoW SCRM policy, Risk Management Framework requirements, and federal cybersecurity mandates. In this role, the specialist integrates automated supply chain risk tooling, Software Bill of Materials governance, vendor security assessment programs, and threat intelligence monitoring to reduce WDP exposure to supply chain-based attacks and sustain authoritative, audit-ready risk transparency for Authorizing Officials, program leadership, and Government oversight personnel.
• Leads enterprise Supply Chain Risk Management activities supporting Department of War information systems across unclassified and classified environments.
• Designs and executes supply chain risk governance frameworks addressing third-party vendors, commercial software, open-source components, and external service providers throughout the system lifecycle.
• Directs vendor security assessments evaluating cybersecurity posture, access controls, data handling practices, and compliance with federal and DoW requirements.
• Oversees software supply chain reviews including component provenance analysis, dependency mapping, and Software Bill of Materials validation to identify exposure to compromised or high-risk suppliers.
• Coordinates closely with contracting officers, acquisition teams, legal advisors, and system owners to integrate security requirements into procurement actions, vendor onboarding, and contract modifications.
• Maintains risk registers documenting third-party threats, mitigation strategies, residual risk, and acceptance decisions supporting Risk Management Framework activities.
• Provides advisory support to Authorizing Officials, Senior Information Security Officers, and program leadership on supply chain risk posture and emerging threat vectors.
• Monitors threat intelligence, Government advisories, and industry reporting related to supply chain compromise to inform proactive mitigation actions.
• Produces supply chain risk assessments, vendor security reports, and executive briefings supporting authorization decisions and continuous monitoring.
• Drives consistent risk transparency, lifecycle accountability, and mission resilience by reducing exposure to supply chain-based attacks and strengthening trust in system dependencies.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• 15 or more years of progressive experience in cybersecurity, with demonstrated specialization in Supply Chain Risk Management, vendor risk governance, or software assurance programs supporting large-scale federal or defense information systems.
• Active DoW/DoD IAM Level I baseline certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Demonstrated experience designing and operating enterprise SCRM governance frameworks that address third-party software components - including COTS, GOTS, and open-source AI technologies - through automated vulnerability detection and scanning, component provenance analysis, and transitive dependency mapping across the full system development lifecycle.
• Proven ability to create, maintain, and govern Software Bill of Materials documentation for complex software platforms, including management of SBOM artifacts across 150 or more systems with recurring authorization obligations and integration into automated ingest-time scanning pipelines.
• Experience coordinating SCRM activities with contracting officers, acquisition teams, legal advisors, and system owners to embed supply chain security requirements into procurement actions, vendor onboarding agreements, and contract modification packages in compliance with DFARS [redacted], NIST SP 800-171, and applicable DoW acquisition policy.
• Demonstrated experience supporting Risk Management Framework authorization activities, including generation and maintenance of supply chain risk artifacts in eMASS or Xacta, management of Plan of Action and Milestone remediation activities, and preparation of Body of Evidence packages supporting formal Government risk adjudication and audit defense.
• Proven ability to develop and present supply chain risk assessments, vendor security evaluation reports, and executive briefings to Authorizing Officials, Senior Information Security Officers, and program leadership audiences in support of authorization decisions and continuous monitoring obligations.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Learn more about ECS
Size
2,000 employees
Industry

Similar Jobs

More Jobs at ECS

  • ECS
    Principal AI/ML Scientist
    $130K — $180K *
    Arlington, VA 22204 (Arlington County)
    Enterprise Technology
    In-Person
  • ECS
    Data Scientist
    $90K — $130K *
    Arlington, VA 22204 (Arlington County)
    Information Technology
    In-Person
  • ECS
    Imagery Analyst Supervisor
    $80K — $100K *
    Fairfax, VA 22030 (Fairfax City County)
    Aerospace & Defense
    In-Person
  • ECS
    Analytic Engineer
    $90K — $130K *
    Fairfax, VA 22031 (Fairfax County)
    Aerospace & Defense
    In-Person
  • ECS
    Analytic Engineer
    $90K — $130K *
    Falls Church, VA 22042 (Fairfax County)
    Aerospace & Defense
    In-Person

More Aerospace & Defense Jobs

Find similar Supply Chain Risk Management Lead jobs: