The Sr. Analyst – Supply Chain Risk Management (SCRM) Analyst supports enterprise and program stakeholders in ensuring Maximus, Maximus Federal, and third-party relationships meet U.S. federal and DoD contractual and regulatory obligations. This role helps translate requirements into actionable SCRM governance, due diligence, and monitoring activities aligned to applicable FAR/DFARS clauses (including Section 889 considerations), customer security requirements (e.g., NIST-based controls and RMF/ATO expectations where applicable), and other federal directives affecting supplier and technology risk. The position partners with procurement, legal, security, IT, and business teams to conduct supplier risk assessments, maintain risk registers and supporting evidence, track remediation and exceptions, and produce compliance-ready reporting that enables informed leadership decisions and supports audits, assessments, and ongoing federal/DoD growth.
Essential Duties and Responsibilities:
- Perform complex risk analyses and risk assessment.
- Establish and satisfy Information Assurance (IA) and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Support customers in the development and implementation of doctrine and policies.
- Advise information system owners on client/project security policies and requirements for systems.
- Keep abreast of emerging security technologies and make appropriate recommendations regarding the enhancement of the security posture of systems and their implementation.
- Interpret and operationalize federal and DoD supply chain requirements by mapping applicable FAR/DFARS clauses (including Section 889 considerations) and customer SCRM expectations into enterprise policies, procedures, and control guidance for shared services and third-party providers.
- Conduct and document supplier/third-party SCRM due diligence (pre-award and periodic) for federal and DoD pursuits and programs, including risk questionnaires, evidence reviews, and validation of flow-downs to subcontractors and cloud/service providers.
- Assess, track, and report SCRM control effectiveness using NIST guidance (e.g., NIST SP 800-161 concepts and NIST SP 800-53 control families as applicable), maintaining risk registers, corrective action plans, POA&Ms, and supporting evidence to enable audit- and assessment-ready compliance.
- Support contract lifecycle governance by advising procurement and program teams on SCRM-related contract language, required representations, and evidence packages; manage exceptions/waivers and coordinate legal/security reviews to ensure consistent FAR/DFARS compliance decisions.
- Perform ongoing SCRM monitoring for high-risk suppliers (e.g., performance, financial, cybersecurity, and geopolitical indicators), coordinate issue escalation and remediation with internal stakeholders and vendors, and deliver recurring leadership reporting for federal/DoD readiness and program assurance.
Minimum Requirements
- Please refer to the additional information section of the job requisition for this opening to determine clearance eligibility required.
- Bachelor's Degree in related field.
- 5-7 years of relevant professional experience required.
- Equivalent combination of education and experience considered in lieu of degree.
Education/Requirements
- Bachelor’s degree in supply chain, business, information systems, cybersecurity, risk management, or a related field (or equivalent combination of education, training, and experience).
- 7+ years of experience in supply chain risk management, third-party/vendor risk management (TPRM), federal compliance, or related risk/governance functions within a regulated environment.
- U.S Citizen with ability to obtain a US government security clearance.
- Experience supporting federal and/or DoD contract compliance activities (e.g., proposal support, contract onboarding, evidence collection, internal/external audits, and customer assessments).
- Strong knowledge of federal acquisition and cybersecurity supply chain requirements, including applicable FAR/DFARS clauses, subcontractor flow-down concepts, and prohibited/covered telecommunications considerations (e.g., Section 889).
- Experience using GRC/TPRM tooling to manage supplier inventories, risk assessments, evidence collection, issues/remediation, and reporting (tool experience may include platforms such as Archer, ServiceNow GRC, Coupa Risk, or equivalents).
- Demonstrated experience performing supplier due diligence (pre-award and periodic), maintaining SCRM risk registers, and driving remediation and exception workflows with procurement, legal, IT/security, and business stakeholders.
- Working knowledge of NIST supply chain risk guidance (e.g., NIST SP 800-161 concepts) and ability to align SCRM practices to NIST SP 800-53 control expectations where required by customer contracts.
- Preferred: relevant certifications (e.g., CTPRP/CTPR, CISM, CRISC, CISSP, PMP) and/or eligibility to obtain a U.S. government security clearance, if required by program/customer needs.
- Applies risk-based analysis to complex supplier, technology, and sourcing scenarios; independently evaluates tradeoffs across compliance, operational impact, and mission needs.
- Proven ability to influence and coordinate across procurement, legal, security, IT, finance, and program teams to drive consistent SCRM governance and timely decisions.
- Experienced in building compliance-ready evidence packages and responding to federal/DoD customer questions, audits, and assessments related to third-party and supply chain risk.
- Skilled in developing SCRM metrics and executive reporting (risk trends, supplier segmentation, remediation aging, compliance status) to support leadership visibility and continuous improvement.
- Strong documentation discipline and attention to detail; able to track contractual requirements, subcontractor flow-downs, and exceptions through closure.
- Ability to translate FAR/DFARS and NIST-aligned requirements into practical supplier due diligence, contracting, and operational control expectations.
- Strong verbal and written communication skills, including drafting SCRM policies, procedures, assessment narratives, and leadership briefings.
- Demonstrated ability to support fast-paced capture/proposal and program delivery timelines with responsive, customer-focused risk guidance.
- Analytical skills to support supplier segmentation, risk scoring, and trend analysis using Excel and/or reporting tools.
- Proficient in Microsoft Office (Excel, Word, PowerPoint; Visio preferred) to develop procedures, process maps, risk analyses, and executive-ready briefings.
- Ability to manage multiple supplier assessments, remediation actions, and stakeholder requests simultaneously, prioritizing work based on risk and contractual deadlines.
- Understanding of insider threat, counterintelligence, and supply chain threat concepts, including recognizing/reporting indicators (e.g., suspicious vendor behavior, anomalous access requests, counterfeit/compromised components, foreign influence concerns) in coordination with security leadership.
- Knowledge of the 32 CFR Part 117 (National Industrial Security Program Operating Manual (NISPOM) Rule) and the Defense Counterintelligence and Security Agency (DCSA) oversight environment, including understanding of supplier/outsourcing considerations that may impact safeguarding of classified information.
EEO Statement
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics.
Pay Transparency
Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.
Accommodations
Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process—including accessing job postings, completing assessments, or participating in interviews,—please contact People Operations at applicantaccom@maximus.com.
