Supply Chain Risk Management (SCRM) Lead

Supply Chain Risk Management (SCRM) Lead
Falls Church, Virginia.
Full-time.

Important Notice: This position is contingent upon contract award.

Summary:
SCRM Leads develop and implement supply chain risk management programs assessing and mitigating risks from third-party vendors, commercial software, and supply chain dependencies. This role coordinates vendor security assessments, establishes SCRM policies, and interfaces with contracting and acquisition teams on security requirements.

Key Responsibilities:

• Develop comprehensive supply chain risk management program.
• Manage 30-80 third-party vendor relationships requiring security assessment.
• Conduct 20-40 vendor security assessments annually.
• Review 50-150 commercial software products for supply chain risk.
• Analyze software composition and third-party dependencies.
• Interface with contracting and acquisition teams on security requirements.
• Develop 5-15 SCRM policies and procedures.
• Monitor vendor security posture for changes and incidents.

Performance Metrics:

• Vendors Managed: 30-80 requiring assessment per network.
• Annual Assessments: 20-40 vendor security evaluations.
• Software Reviews: 50-150 commercial products assessed.
• SCRM Policies: 5-15 procedures developed and maintained.
• Quarterly Reports: SCRM metrics and risk reporting.

Requirements:

• Clearance: Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS) based on network assignment.
• Education: Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or related field.
• Experience: 10+ years cybersecurity; 3+ years supply chain risk management or third-party risk.
• Certifications: CISSP required; CISM, CRISC, or procurement certifications desired.
• Technical Knowledge: Understanding of supply chain security threats, vendor risk assessment methodologies, Software Composition Analysis, NIST 800-161.

About Advana:
Advana is the Department of Defense Chief Digital and Artificial Intelligence Office's (CDAO) enterprise-wide data, analytics, and AI platform. Advana provides DoD military and civilian decision makers with unprecedented access to enterprise data, tools, and capabilities in a secure environment. The platform hosts hundreds of curated applications across logistics, financial management, personnel, health, and other domains, accelerating decision advantage through accessible, actionable data and AI capabilities.

This position supports comprehensive cybersecurity operations for the Advana platform across three classified networks (NIPR, SIPR, JWICS).

Important Notes:

Position Status:

• This position is contingent upon contract award.
• Start date will be determined upon contract award.
• We will maintain contact with selected candidates throughout the award process.

Work Requirements:

• U.S. Citizen required.
• Clearance varies by network: Secret (NIPR), Top Secret (SIPR), or TS/SCI Eligible (JWICS).
• On-premises work required at Suffolk Building, Falls Church, VA.
• No remote work options available.
• Standard business hours with operational flexibility.

Benefits:

• 4 Weeks Paid Time Off.
• All Federal Holiday’s Paid Vacation.
• Four Percent Matching 401K.
• Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.

We thank all applicants for their interest. Only candidates selected for interviews will be contacted.

About ZTI Solutions, LLC:

ZTI Solutions, LLC was founded in 1997 in Virginia and is classified as a small business. The company is owned and operated by its founder, Rudy Zadnik, who emphasizes moral and business excellence over increasing company profits. This results in a more customer-oriented attitude towards mission accomplishment, as opposed to growing profits or sales.Our approach to consulting and engineering centers around using only highly skilled personnel who are seasoned industry veterans. All employees hold high-level industry and vendor certifications. We offer a comprehensive set of consulting and staff augmentation services, primarily focused on networking and security consulting in the classified space.