Jobloria
Supply Chain Risk Analyst
Base-One Inc
Location : Catharpin, VA, 20143
Job Type : Contractor
Date Posted : 2 December 2025
Primary Responsibilities:
The position of Supply Chain Risk Analyst will provide risk and opportunity planning, analysis and reporting to include:
· Vulnerability due diligence assessments, Cybersecurity Maturity Model Certification, PMO and source code analysis. To also develop policies and procedures that support customer office and align to risk management framework.
· This team will be responsible for developing the foundational policies and processes to stand up the Cyber Risk Management Team within Agency SOC.
· The position will lead the development of supplier threat and vulnerability assessments related to risk and support change management efforts across the corporation. In addition, individual may support category managers in developing risk assessments across various categories.
· May be required to draft and support all-source intelligence production in compliance with Tradecraft Standards
· Candidate will provide methods to properly communicate the risks applicable to Agency stakeholders and senior management.
· Candidate will create a holistic risk picture for the communications branch and will also provide briefings for senior management on the on the cyber risk posture of Agency.
· Attend and participate in meetings, conferences, and working groups in support of Agency.
· Conduct risk, vulnerability, criticality assessments to prioritize supply chain vendors and their potential impact on Agency’s mission.
· Candidate will assist the Government in conducting reviews and recommendations to aid the government in approving of risk acceptance memorandums, assist with the prioritization of POA&Ms, create risk profiles for all Agency information systems, identify common gaps in the information system compliance to focus holistic funding in support of remediating security findings for multiple systems.
Basic Qualifications:
· Clearance: All Agency SOC employees are required to successfully complete a Agency Background Investigation to support this program
· A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
· Professional writing, editing, and sourcing skills are mandatory in order to be successful in the position
· Ability to apply extensive knowledge of grammar, punctuation, and corporate writing standards in order to edit reports
· Ability to handle multiple tasks and adjust to changing priorities as needed
· Strong attention to details is required
· Past history developing policies and procedures for compliant procurement in an services environment
· Fundamental understanding of supplier quality management processes
· Strong understanding of Risk Management Framework (RMF)
· Strong understanding of NIST 800-161, NIST 800-30, NIST 800-37 or equivalent DoD policies/standards
Required Education/Experience
A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
Preferred Qualifications:
o Experience in cyber government, and/or federal law enforcement. Experience in Vulnerability scanning and analysis. Experience in financial, CSP and FISMA audits.
o Prior Agency Experience
Freqently Asked Questions
Catharpin’s proximity to federal agencies creates a niche demand for supply chain risk analysts, especially those versed in cybersecurity and risk management frameworks. Candidates with clearance and government-related experience often find a competitive edge here, given the specialized nature of roles within companies like Base-One Inc.
In Virginia, certifications such as CISSP, CISM, or those aligned with NIST standards (800-161, 800-37) significantly enhance a supply chain risk analyst’s appeal. These credentials align well with government contract requirements and are highly valued by employers supporting federal agencies.
Unlike general supply chain analysts, supply chain risk analysts focus deeply on vulnerability assessments, threat modeling, and risk communication. Mastery of cybersecurity frameworks and risk management standards like NIST 800-30 sets them apart, emphasizing proactive risk mitigation over traditional logistics analysis.
Professionals often transition into senior risk management roles or strategic supply chain leadership positions. Specializing further in cyber risk or government compliance can lead to advisory roles or cross-functional positions bridging supply chain, finance, and security domains.
Daily tasks blend risk data analysis, supplier vulnerability assessments, and policy development. Regular briefings for senior management and collaboration with category managers to align risk strategies are key components, all while adhering to evolving compliance standards.
At Base-One Inc, analysts must navigate stringent agency compliance and dynamic cyber threat landscapes. Developing foundational policies for a nascent cyber risk team requires adaptability, precise communication with stakeholders, and managing classified information under strict security protocols.
Base-One Inc emphasizes integration with federal agency SOCs, demanding a blend of supply chain expertise and government security clearances. The role's focus on all-source intelligence and compliance with tradecraft standards sets it apart from standard corporate risk analyst positions.
Based on industry standards and regional demand, supply chain risk analysts in Catharpin, VA typically earn between $95,000 and $130,000 annually. Factors like security clearance, federal experience, and specialized certifications can push compensation toward the higher end.
Many assume risk analysts solely focus on financial risks, but in supply chain logistics, their role extends to cybersecurity threats, supplier vulnerabilities, and compliance with frameworks like RMF. This multifaceted approach requires technical and strategic expertise beyond traditional risk scopes.
Risk operations analysts often concentrate on operational continuity and incident response, while supply chain risk analysts emphasize vendor threat assessments and policy development. In federal contexts, the latter must also align closely with cybersecurity frameworks and intelligence protocols.
Richmond, VAPopular Searches for Supply Chain Risk Analyst