Jobloria
Supply Chain Risk Analyst
Base-One Inc
Location : Reston, VA, 20190
Job Type : Contractor
Date Posted : 2 December 2025
Primary Responsibilities:
The position of Supply Chain Risk Analyst will provide risk and opportunity planning, analysis and reporting to include:
· Vulnerability due diligence assessments, Cybersecurity Maturity Model Certification, PMO and source code analysis. To also develop policies and procedures that support customer office and align to risk management framework.
· This team will be responsible for developing the foundational policies and processes to stand up the Cyber Risk Management Team within Agency SOC.
· The position will lead the development of supplier threat and vulnerability assessments related to risk and support change management efforts across the corporation. In addition, individual may support category managers in developing risk assessments across various categories.
· May be required to draft and support all-source intelligence production in compliance with Tradecraft Standards
· Candidate will provide methods to properly communicate the risks applicable to Agency stakeholders and senior management.
· Candidate will create a holistic risk picture for the communications branch and will also provide briefings for senior management on the on the cyber risk posture of Agency.
· Attend and participate in meetings, conferences, and working groups in support of Agency.
· Conduct risk, vulnerability, criticality assessments to prioritize supply chain vendors and their potential impact on Agency’s mission.
· Candidate will assist the Government in conducting reviews and recommendations to aid the government in approving of risk acceptance memorandums, assist with the prioritization of POA&Ms, create risk profiles for all Agency information systems, identify common gaps in the information system compliance to focus holistic funding in support of remediating security findings for multiple systems.
Basic Qualifications:
· Clearance: All Agency SOC employees are required to successfully complete a Agency Background Investigation to support this program
· A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
· Professional writing, editing, and sourcing skills are mandatory in order to be successful in the position
· Ability to apply extensive knowledge of grammar, punctuation, and corporate writing standards in order to edit reports
· Ability to handle multiple tasks and adjust to changing priorities as needed
· Strong attention to details is required
· Past history developing policies and procedures for compliant procurement in an services environment
· Fundamental understanding of supplier quality management processes
· Strong understanding of Risk Management Framework (RMF)
· Strong understanding of NIST 800-161, NIST 800-30, NIST 800-37 or equivalent DoD policies/standards
Required Education/Experience
A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
Preferred Qualifications:
o Experience in cyber government, and/or federal law enforcement. Experience in Vulnerability scanning and analysis. Experience in financial, CSP and FISMA audits.
o Prior Agency Experience
Freqently Asked Questions
In Reston, VA, a Supply Chain Risk Analyst tailors risk management frameworks specifically to comply with federal guidelines like NIST 800-161 and RMF. This involves integrating cybersecurity maturity models and vendor vulnerability assessments to protect sensitive supply chain operations within government agencies.
Certifications such as CISSP, CISA, or those aligned with NIST standards carry significant weight in Northern Virginia, especially for supply chain risk roles supporting federal agencies. These credentials demonstrate expertise in cybersecurity risk and compliance essential for working in high-security environments like Base-One Inc.
Professionals in this field often evolve into senior risk management or compliance leadership roles within government contractors, leveraging their deep understanding of supplier threat assessments and cyber risk. The D.C. metro’s dense federal presence offers numerous pathways into strategic policy development and intelligence analysis.
Base-One Inc emphasizes developing foundational cyber risk policies and all-source intelligence capabilities within agency SOCs. Their analysts focus heavily on integrating risk assessments with real-time threat intelligence, ensuring supply chain vulnerabilities align with evolving federal risk acceptance and remediation priorities.
Base-One Inc offers a specialized focus on cyber risk within supply chains, combining vulnerability due diligence with intelligence production. Their approach often involves close collaboration with government stakeholders, requiring analysts to maintain high-level security clearances and a strong grasp of agency-specific risk frameworks.
Supply Chain Risk Analysts in Reston, VA generally earn between $95,000 and $130,000 annually, influenced by federal contracting experience and security clearance status. Competitive compensation reflects the high demand for professionals adept at navigating complex supply chain vulnerabilities and cybersecurity compliance.
Reston’s proximity to federal agencies and defense contractors creates a robust demand for risk analysts skilled in cybersecurity and supply chain resilience. The region’s emphasis on secure procurement and compliance standards means employers actively seek candidates with relevant government experience and clearance.
Candidates who combine a strong grasp of NIST standards, hands-on vulnerability assessments, and policy development experience tend to stand out. Additionally, professional writing skills and prior federal or law enforcement exposure significantly enhance prospects in the Reston supply chain risk domain.
Daily tasks often involve balancing detailed vulnerability scanning with strategic risk communication to senior management. Analysts must navigate complex supplier ecosystems, ensuring compliance with federal standards while adapting to emerging cyber threats impacting mission-critical operations.
Federal frameworks like RMF and NIST guidelines continuously shape the analyst’s responsibilities, requiring constant updates to policies and risk profiles. Base-One Inc expects its analysts to proactively integrate new standards into supply chain risk assessments to maintain agency security and compliance.
Richmond, VAPopular Searches for Supply Chain Risk Analyst