cFocus Software seeks a SCRM/Emerging Technology Security Analyst to join our program supporting the Federal Communications Commission (FCC). This position is remote. This position requires the ability a Public Trust clearance. Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
3–7+ years of experience in cybersecurity, risk management, or supply chain security.
Experience supporting enterprise cybersecurity environments of similar scale and complexity.
Knowledge of NIST frameworks (RMF, CSF), FISMA, and federal security standards.
Experience with third-party risk management, vendor assessments, or SCRM programs.
Familiarity with AI/ML security risks and emerging cybersecurity trends
Strong analytical and risk assessment capabilities
Knowledge of supply chain threats and mitigation strategies
Understanding of AI/ML security risks and governance
Experience with security documentation and reporting
Excellent communication and stakeholder coordination skills
Required Certifications
At least one relevant cybersecurity certification such as:
CISSP, CISM, or Security+
Certified in Risk and Information Systems Control (CRISC)
Certified Supply Chain Professional (CSCP) or equivalent (preferred)
Additional role-based certifications related to cloud, AI security, or risk management are desirable..
Duties:
Support Supply Chain Risk Management (SCRM) activities including analysis of third-party/vendor risks, documentation, and mitigation strategies.
Assess risks associated with emerging technologies including AI, automation, and cloud-based services.
Provide risk-informed recommendations for secure adoption of new technologies.
Support development and maintenance of SCRM documentation, policies, and processes.
Conduct security reviews of vendors, software, and emerging platforms.
Analyze cybersecurity threats related to supply chain and emerging technologies.
Collaborate with compliance, engineering, SOC/NOC, and risk teams.
Support reporting activities including SCRM status reports, risk registers, and audit artifacts.
Identify gaps in SCRM and emerging technology security practices and recommend improvements.
Assist with governance and compliance activities aligned to NIST, FISMA, and federal cybersecurity frameworks.