Sign upLog in

Sr. Analyst - SCRM

Maximus

Olympia, WA

Apply
JOB DETAILS
SALARY
SKILLS
Alliance/Partner Marketing, Analysis Skills, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Code of Federal Regulations, Communication Skills, Computer Security, Continuous Improvement, Contract Requirements, Corrective Action, Customer Relations, Customer Support/Service, Defense Federal Acquisition Regulations Supplement (DFARS), Detail Oriented, Documentation, Due Diligence, Emerging Technology, Establish Priorities, External Audit, Federal Acquisition Regulations (FAR), Federal Contracts, Finance, Government Contracts, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Inventory Management, Leadership, Legal, Machine Tool, Metrics, Microsoft Excel, Microsoft Office, Microsoft PowerPoint, Microsoft Visio, Microsoft Word, Onboarding, Operational Control, Outsourcing, Policy Analysis, Policy Development, Presentation/Verbal Skills, Procedure Development, Process Development, Project Management Professional (PMP), Purchasing/Procurement, Regulations, Requirements Management, Risk, Risk Analysis, Risk Management, Scorecarding, Security Clearance, ServiceNow, Supply Chain, Supply Chain Management, Telecommunications, Time Management, Trade-Off Analysis, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Vendor/Supplier Evaluation, Vendor/Supplier Management, Writing Skills
LOCATION
Olympia, WA
POSTED
20 days ago
The Sr. Analyst - Supply Chain Risk Management (SCRM) Analyst supports enterprise and program stakeholders in ensuring Maximus, Maximus Federal, and third-party relationships meet U.S. federal and DoD contractual and regulatory obligations. This role helps translate requirements into actionable SCRM governance, due diligence, and monitoring activities aligned to applicable FAR/DFARS clauses (including Section 889 considerations), customer security requirements (e.g., NIST-based controls and RMF/ATO expectations where applicable), and other federal directives affecting supplier and technology risk. The position partners with procurement, legal, security, IT, and business teams to conduct supplier risk assessments, maintain risk registers and supporting evidence, track remediation and exceptions, and produce compliance-ready reporting that enables informed leadership decisions and supports audits, assessments, and ongoing federal/DoD growth. Essential Duties and Responsibilities: - Perform complex risk analyses and risk assessment. - Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands. - Support customers in the development and implementation of doctrine and policies. - Advise information system owners on client/project security policies and requirements for systems. - Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation. '- Interpret and operationalize federal and DoD supply chain requirements by mapping applicable FAR/DFARS clauses (including Section 889 considerations) and customer SCRM expectations into enterprise policies, procedures, and control guidance for shared services and third-party providers. - Conduct and document supplier/third-party SCRM due diligence (pre-award and periodic) for federal and DoD pursuits and programs, including risk questionnaires, evidence reviews, and validation of flow-downs to subcontractors and cloud/service providers. - Assess, track, and report SCRM control effectiveness using NIST guidance (e.g., NIST SP 800-161 concepts and NIST SP 800-53 control families as applicable), maintaining risk registers, corrective action plans, POA&Ms, and supporting evidence to enable audit- and assessment-ready compliance. - Support contract lifecycle governance by advising procurement and program teams on SCRM-related contract language, required representations, and evidence packages; manage exceptions/waivers and coordinate legal/security reviews to ensure consistent FAR/DFARS compliance decisions. - Perform ongoing SCRM monitoring for high-risk suppliers (e.g., performance, financial, cybersecurity, and geopolitical indicators), coordinate issue escalation and remediation with internal stakeholders and vendors, and deliver recurring leadership reporting for federal/DoD readiness and program assurance. Minimum Requirements '- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required. - Bachelor's Degree in related field. - 5-7 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Education/Requirements - Bachelor's degree in supply chain, business, information systems, cybersecurity, risk management, or a related field (or equivalent combination of education, training, and experience). - 7+ years of experience in supply chain risk management, third-party/vendor risk management (TPRM), federal compliance, or related risk/governance functions within a regulated environment. - U.S Citizen with ability to obtain a US government security clearance. - Experience supporting federal and/or DoD contract compliance activities (e.g., proposal support, contract onboarding, evidence collection, internal/external audits, and customer assessments). - Strong knowledge of federal acquisition and cybersecurity supply chain requirements, including applicable FAR/DFARS clauses, subcontractor flow-down concepts, and prohibited/covered telecommunications considerations (e.g., Section 889). - Experience using GRC/TPRM tooling to manage supplier inventories, risk assessments, evidence collection, issues/remediation, and reporting (tool experience may include platforms such as Archer, ServiceNow GRC, Coupa Risk, or equivalents). - Demonstrated experience performing supplier due diligence (pre-award and periodic), maintaining SCRM risk registers, and driving remediation and exception workflows with procurement, legal, IT/security, and business stakeholders. - Working knowledge of NIST supply chain risk guidance (e.g., NIST SP 800-161 concepts) and ability to align SCRM practices to NIST SP 800-53 control expectations where required by customer contracts. - Preferred: relevant certifications (e.g., CTPRP/CTPR, CISM, CRISC, CISSP, PMP) and/or eligibility to obtain a U.S. government security clearance, if required by program/customer needs. - Applies risk-based analysis to complex supplier, technology, and sourcing scenarios; independently evaluates tradeoffs across compliance, operational impact, and mission needs. - Proven ability to influence and coordinate across procurement, legal, security, IT, finance, and program teams to drive consistent SCRM governance and timely decisions. - Experienced in building compliance-ready evidence packages and responding to federal/DoD customer questions, audits, and assessments related to third-party and supply chain risk. - Skilled in developing SCRM metrics and executive reporting (risk trends, supplier segmentation, remediation aging, compliance status) to support leadership visibility and continuous improvement. - Strong documentation discipline and attention to detail; able to track contractual requirements, subcontractor flow-downs, and exceptions through closure. - Ability to translate FAR/DFARS and NIST-aligned requirements into practical supplier due diligence, contracting, and operational control expectations. - Strong verbal and written communication skills, including drafting SCRM policies, procedures, assessment narratives, and leadership briefings. - Demonstrated ability to support fast-paced capture/proposal and program delivery timelines with responsive, customer-focused risk guidance. - Analytical skills to support supplier segmentation, risk scoring, and trend analysis using Excel and/or reporting tools. - Proficient in Microsoft Office (Excel, Word, PowerPoint; Visio preferred) to develop procedures, process maps, risk analyses, and executive-ready briefings. - Ability to manage multiple supplier assessments, remediation actions, and stakeholder requests simultaneously, prioritizing work based on risk and contractual deadlines. - Understanding of insider threat, counterintelligence, and supply chain threat concepts, including recognizing/reporting indicators (e.g., suspicious vendor behavior, anomalous access requests, counterfeit/compromised components, foreign influence concerns) in coordination with security leadership. - Knowledge of the 32 CFR Part 117 (National Industrial Security Program Operating Manual (NISPOM) Rule) and the Defense Counterintelligence and Security Agency (DCSA) oversight environment, including understanding of supplier/outsourcing considerations that may impact safeguarding of classified information. \#maxcorp #c0rejobs #CoreTech Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Minimum Salary $90,780 Maximum Salary $122,820

About the Company

M

Maximus

MAXIMUS provides business services to help governments operate health and human services programs, mostly at the state and national levels. The company's health services segment offers outsourced program management and administrative services,
COMPANY SIZE
5,000 to 9,999 employees
INDUSTRY
Other/Not Classified
WEBSITE
https://www.maximus.com/