As the Program Manager (PM) for a dynamic Cyber Supply Chain Risk Management (SCRM) team, the PM role advises customer leadership on compliance with SCRM regulations and FISMA maturity, recommends technical controls required to reduce information and communication technology (ICT) supply chain risks, recommends courses of action and processes to identify and mitigate hardware counterfeits and risks to software provenance, and coordinates risk mitigation recommendations with system owners and mission stakeholders.

The PM role also leads a talented team of risk analysts who are responsible for analyzing life-cycle supply chain risks for all systems, hardware, and software used in support of the customer?s mission. The contract PM ensures the quality control and timely submission of deliverables, provides technical and programmatic guidance to the team, oversees the development of policies and standard operating procedures, and seeks to integrate analytical tradecraft and tools designed to anticipate and mitigate cyber threat tactics, techniques, and procedures (TTPs).

This is considered a Key Position in the performance of the contract and the utmost discretion and maturity is needed in the performance of roles and responsibilities. The PM is also considered a key technical advisor to the customer, so knowledge of FISMA compliance, the NIST SP 800-53, Revision 5 SR control family, EO 14028, hardware and software acquisitions processes, cyber threat TTPs, and best practices for how to lead risk assessments is essential.

Minimum Qualifications

• B.A. or BS in computer science, information technology, or a related discipline
• Significant experience organizing and leading technical discussions and meetings
• Excellent writing skills
• Ten years of related experience
• Experience conducting cyber threat analysis and/or risk assessments
• Experience leading FISMA and NIST compliance efforts
• Solid understanding of hardware and software vulnerabilities and threats

Desired Qualifications

• Certified Information System Security Professional (CISSP)
• Project Management Professional (PMP) or a similar program management credential
• Solid understanding of IT configuration management practices
• Solid understanding of Federal hardware and/or software acquisition processes
• Understanding and use of the MITRE ATT&CK Framework

Competition, Teammates, Other Comments

As a key member of the Sugpiat Defense, LLC company, the PM also reports to the company General Manager on contract performance and staffing matters, aligns to the company Quality Management System (QMS), identifies process improvement opportunities, and supports the General Manager with occasional proposal writing tasks.

As the Program Manager (PM) for a dynamic Cyber Supply Chain Risk Management (SCRM) team, the PM role advises customer leadership on compliance with SCRM regulations and FISMA maturity, recommends technical controls required to reduce information and communication technology (ICT) supply chain risks, recommends courses of action and processes to identify and mitigate hardware counterfeits and risks to software provenance, and coordinates risk mitigation recommendations with system owners and mission stakeholders.

The PM role also leads a talented team of risk analysts who are responsible for analyzing life-cycle supply chain risks for all systems, hardware, and software used in support of the customer?s mission. The contract PM ensures the quality control and timely submission of deliverables, provides technical and programmatic guidance to the team, oversees the development of policies and standard operating procedures, and seeks to integrate analytical tradecraft and tools designed to anticipate and mitigate cyber threat tactics, techniques, and procedures (TTPs).

This is considered a Key Position in the performance of the contract and the utmost discretion and maturity is needed in the performance of roles and responsibilities. The PM is also considered a key technical advisor to the customer, so knowledge of FISMA compliance, the NIST SP 800-53, Revision 5 SR control family, EO 14028, hardware and software acquisitions processes, cyber threat TTPs, and best practices for how to lead risk assessments is essential.

Minimum Qualifications

• B.A. or BS in computer science, information technology, or a related discipline
• Significant experience organizing and leading technical discussions and meetings
• Excellent writing skills
• Ten years of related experience
• Experience conducting cyber threat analysis and/or risk assessments
• Experience leading FISMA and NIST compliance efforts
• Solid understanding of hardware and software vulnerabilities and threats

Desired Qualifications

• Certified Information System Security Professional (CISSP)
• Project Management Professional (PMP) or a similar program management credential
• Solid understanding of IT configuration management practices
• Solid understanding of Federal hardware and/or software acquisition processes
• Understanding and use of the MITRE ATT&CK Framework

Competition, Teammates, Other Comments

As a key member of the Sugpiat Defense, LLC company, the PM also reports to the company General Manager on contract performance and staffing matters, aligns to the company Quality Management System (QMS), identifies process improvement opportunities, and supports the General Manager with occasional proposal writing tasks.