Sr. Analyst - SCRM
Maximus · United States · 1 wk ago
RemoteRemoteBusiness Development$91k/yrFull-time
Requirements
The Sr. Analyst – Supply Chain Risk Management (SCRM) Analyst supports enterprise and program stakeholders in ensuring Maximus, Maximus Federal, and third-party relationships meet U.S. federal and DoD contractual and regulatory obligations. This role helps translate requirements into actionable SCRM governance, due diligence, and monitoring activities aligned to applicable FAR/DFARS clauses (including Section 889 considerations), customer security requirements (e.g., NIST-based controls and RMF/ATO expectations where applicable), and other federal directives affecting supplier and technology risk.
- Perform complex risk analyses and risk assessment.
- Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Support customers in the development and implementation of doctrine and policies.
- Advise information system owners on client/project security policies and requirements for systems.
- Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation.
- Interpret and operationalize federal and DoD supply chain requirements by mapping applicable FAR/DFARS clauses (including Section 889 considerations) and customer SCRM expectations into enterprise policies, procedures, and control guidance for shared services and third-party providers.
- Conduct and document supplier/third-party SCRM due diligence (pre-award and periodic) for federal and DoD pursuits and programs, including risk questionnaires, evidence reviews, and validation of flow-downs to subcontractors and cloud/service providers.
- Assess, track, and report SCRM control effectiveness using NIST guidance (e.g., NIST SP 800-161 concepts and NIST SP 800-53 control families as applicable), maintaining risk registers, corrective action plans, POA&Ms, and supporting evidence to enable audit- and assessment-ready compliance.
- Support contract lifecycle governance by advising procurement and program teams on SCRM-related contract language, required representations, and evidence packages; manage exceptions/waivers and coordinate legal/security reviews to ensure consistent FAR/DFARS compliance decisions.
- Perform ongoing SCRM monitoring for high-risk suppliers (e.g., performance, financial, cybersecurity, and geopolitical indicators), coordinate issue escalation and remediation with internal stakeholders and vendors, and deliver recurring leadership reporting for federal/DoD readiness and program assurance.
Qualifications
Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.
- Bachelor's Degree in related field. 5-7 years of relevant professional experience required. Equivalent combination of education and experience considered in lieu of degree.
- Education/Requirements: Bachelor’s degree in supply chain, business, information systems, cybersecurity, risk management, or a related field (or equivalent combination of education, training, and experience).
- 7+ years of experience in supply chain risk management, third-party/vendor risk management (TPRM), federal compliance, or related risk/governance functions within a regulated environment.
- U.S Citizen with ability to obtain a US government security clearance.
- Experience supporting federal and/or DoD contract compliance activities (e.g., proposal support, contract onboarding, evidence collection, internal/external audits, and customer assessments).
- Strong knowledge of federal acquisition and cybersecurity supply chain requirements, including applicable FAR/DFARS clauses, subcontractor flow-down concepts, and prohibited/covered telecommunications considerations (e.g., Section 889).
- Experience using GRC/TPRM tooling to manage supplier inventories, risk assessments, evidence collection, issues/remediation, and reporting (tool experience may include platforms such as Archer, ServiceNow GRC, Coupa Risk, or equivalents).
- Demonstrated experience performing supplier due diligence (pre-award and periodic), maintaining SCRM risk registers, and driving remediation and exception workflows with procurement, legal, IT, security, and business stakeholders.
- Working knowledge of NIST supply chain risk guidance (e.g., NIST SP 800-161 concepts) and ability to align SCRM practices to NIST SP 800-53 control expectations where required by customer contracts.