Jobloria
Supply Chain Risk Analyst
Base-One Inc
Location : Sterling, VA, 20165
Job Type : Contractor
Date Posted : 2 December 2025
Primary Responsibilities:
The position of Supply Chain Risk Analyst will provide risk and opportunity planning, analysis and reporting to include:
· Vulnerability due diligence assessments, Cybersecurity Maturity Model Certification, PMO and source code analysis. To also develop policies and procedures that support customer office and align to risk management framework.
· This team will be responsible for developing the foundational policies and processes to stand up the Cyber Risk Management Team within Agency SOC.
· The position will lead the development of supplier threat and vulnerability assessments related to risk and support change management efforts across the corporation. In addition, individual may support category managers in developing risk assessments across various categories.
· May be required to draft and support all-source intelligence production in compliance with Tradecraft Standards
· Candidate will provide methods to properly communicate the risks applicable to Agency stakeholders and senior management.
· Candidate will create a holistic risk picture for the communications branch and will also provide briefings for senior management on the on the cyber risk posture of Agency.
· Attend and participate in meetings, conferences, and working groups in support of Agency.
· Conduct risk, vulnerability, criticality assessments to prioritize supply chain vendors and their potential impact on Agency’s mission.
· Candidate will assist the Government in conducting reviews and recommendations to aid the government in approving of risk acceptance memorandums, assist with the prioritization of POA&Ms, create risk profiles for all Agency information systems, identify common gaps in the information system compliance to focus holistic funding in support of remediating security findings for multiple systems.
Basic Qualifications:
· Clearance: All Agency SOC employees are required to successfully complete a Agency Background Investigation to support this program
· A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
· Professional writing, editing, and sourcing skills are mandatory in order to be successful in the position
· Ability to apply extensive knowledge of grammar, punctuation, and corporate writing standards in order to edit reports
· Ability to handle multiple tasks and adjust to changing priorities as needed
· Strong attention to details is required
· Past history developing policies and procedures for compliant procurement in an services environment
· Fundamental understanding of supplier quality management processes
· Strong understanding of Risk Management Framework (RMF)
· Strong understanding of NIST 800-161, NIST 800-30, NIST 800-37 or equivalent DoD policies/standards
Required Education/Experience
A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
Preferred Qualifications:
o Experience in cyber government, and/or federal law enforcement. Experience in Vulnerability scanning and analysis. Experience in financial, CSP and FISMA audits.
o Prior Agency Experience
Freqently Asked Questions
In Sterling, VA, certifications like CISSP, CISA, and CRISC are highly valued for Supply Chain Risk Analysts. These designations demonstrate expertise in cybersecurity and risk management frameworks, aligning well with federal agencies and companies like Base-One Inc that emphasize compliance and supplier threat assessments.
Sterling, VA hosts a growing cluster of defense and government contractors, increasing demand for skilled Supply Chain Risk Analysts. The presence of agencies requiring high security clearances means competition is moderate but favors candidates with strong cybersecurity and risk management experience.
A Supply Chain Risk Analyst specializes in identifying vulnerabilities and mitigating risks in supplier networks, often focusing on cybersecurity and compliance standards like NIST 800-161. Unlike general supply chain analysts, this role requires deep knowledge of risk frameworks and threat intelligence integration.
Professionals in this role can advance into senior risk management positions or specialize further in cyber risk consulting. Opportunities often expand into program management or strategic roles within government agencies or defense contractors, leveraging their experience in supply chain threat assessments.
Daily tasks include conducting vulnerability assessments, analyzing supplier risk data, developing risk communication reports, and coordinating with category managers. Interaction with stakeholders and supporting policy creation ensures the company’s supply chain resilience aligns with organizational risk frameworks.
At Base-One Inc, the Supply Chain Risk Analyst is pivotal in shaping cybersecurity risk policies and supporting agency SOC teams. The role involves leading supplier threat assessments and providing intelligence briefings critical to maintaining compliance and securing supply chain operations.
Analysts must manage complex cybersecurity risks within federal frameworks, balancing compliance with dynamic threat landscapes. Base-One Inc values expertise in risk acceptance documentation and remediating security gaps across multiple agency information systems, which demands meticulous attention to detail.
Supply Chain Risk Analysts in Sterling, VA typically earn between $90,000 and $130,000 annually, depending on experience and clearance level. Given the specialized nature of the role and government contracting environment, salaries often factor in premium pay for cybersecurity and risk management expertise.
Sterling’s proximity to Washington D.C. offers multiple transit options, but peak traffic can extend commutes. Analysts often balance onsite attendance with occasional remote work, making location and flexible scheduling important considerations for maintaining productivity and personal time.
While Risk Operations Analysts might focus broadly on operational risks, Supply Chain Risk Analysts concentrate on supplier-specific vulnerabilities, cybersecurity threats, and compliance within supply networks. Their role often necessitates specialized knowledge of federal standards and vendor risk prioritization.
Richmond, VAPopular Searches for Supply Chain Risk Analyst