Overview
LMI is seeking a skilled Cyber Supply Chain Risk Management Policy, Strategy & Governance Lead to work hybridly in Woodlawn, MD. Successful Cyber Supply Chain Risk Management Policy, Strategy & Governance Leads demonstrate competency in developing policies and procedures to structure a SCRM program intended to mitigate risks associated with the agency's supply chain and third-party vendors.
LMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established in 1961, LMI is a trusted third party to federal civilian and defense agencies, free of commercial and political bias. We operate completely free of political and commercial bias, and we are entirely aligned with the goals of our clients. Our clients value our specialized services in logistics, intelligence, homeland security, health care, and energy and environment markets. We believe government can make a difference, and we seek talented, hardworking people who share that conviction.
LMI offers a generous compensation package with excellent benefits that start the first day of employment. Business casual dress, flex time, and tuition reimbursement are a few of our many work-life benefits available to our employees. Come join the #1 top ranked workplace by the Washington Post in 2021, and 2024 Winner of Built In's Best Places to Work!
Responsibilities
Responsibilities may include:
- Policy Creation and Governance:
Develop Comprehensive Cyber Supply Chain Risk Management Policies:
• Establish policies that define the security requirements and expectations for all supply chain partners and third-party vendors.
• Ensure policies cover key areas such as data protection, incident response, access controls, and secure software development.
• Align policies with industry standards (e.g., NIST SP 800-161) and regulatory requirements (e.g., GDPR, CCPA).Policy Implementation and Enforcement:
• Develop procedures to enforce compliance with established policies.
• Implement monitoring mechanisms to ensure adherence to policies and procedures.
• Collaborate with internal teams to integrate policy requirements into procurement and vendor management processes.Continuous Improvement and Policy Updates:
• Regularly review and update policies to address new threats and vulnerabilities.
• Gather feedback from stakeholders to improve policy effectiveness.
• Stay informed about industry best practices and regulatory changes to ensure policies remain current.Risk Management Framework:
Design and Maintain Risk Management Framework:
• Create a framework for identifying, assessing, and mitigating risks associated with the supply chain and third-party vendors.
• Implement risk assessment tools and methodologies to evaluate the security posture of vendors and suppliers.
• Develop risk mitigation strategies and action plans to address identified vulnerabilities.
Integrate Risk Management with Governance:
• Ensure the risk management framework is integrated with governance processes to provide oversight and accountability.
• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the effectiveness of risk management activities.Governance and Oversight:
Establish Governance Committees:
• Form and lead governance committees or working groups focused on third-party risk management.
• Develop governance structures to ensure clear roles, responsibilities, and accountability.
• Develop and Maintain Risk Registers: Create and maintain third-party risk registers to document and track identified risks.
Monitor and Report on Governance Activities:
• Generate regular reports on the status of governance activities, including policy compliance and risk management efforts.
• Present findings and recommendations to senior leadership and relevant stakeholders.Due Diligence and Onboarding:
Contract and Acquisition Policy Integration:
• Conduct thorough due diligence on potential vendors and third-party partners.
• Ensure security requirements are integrated into vendor selection and onboarding. Collaborate with procurement and legal teams to negotiate contracts that include robust security clauses.
• Develop and incorporate security and risk management requirements into contract and acquisition policies.
• Ensure all vendor agreements and contracts include terms and conditions that align with the company’s security standards and risk management objectives.
• Review and update contract terms and conditions regularly to address evolving risks and regulatory requirements.
Qualifications
MINIMUM QUALIFICATIONS:
- 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
- Minimum of 10 years of experience in policy creation, governance, and risk management in supply chain or third-party risk management.
- Strong knowledge of cybersecurity principles, risk management frameworks, and regulatory requirements (e.g., NIST, ISO 27001, GDPR).
- Experience developing and implementing risk management policies and governance frameworks.
- Proven experience in integrating security requirements into contract/acquisition policies and managing terms/conditions in vendor agreements.
- Excellent analytical, problem-solving, and communication skills.
- Ability to work independently and as part of a team in a fast-paced hybrid environment.
- Possess and maintain a current TS-SCI clearance.
DESIRED SKILLS
- Familiarity with supply chain management and federal acquisition procurement processes.
- Experience with governance, risk, and compliance (GRC) tools and software.
- Knowledge of emerging threats and trends in cybersecurity and supply chain risk management.
- Relevant certifications (CISSP, CISM, CRISC, or CTPRP, etc.)
#LI-SH1