Jobloria
Supply Chain Risk Analyst
Base-One Inc
Location : Falls Church, VA, 22046
Job Type : Contractor
Date Posted : 2 December 2025
Primary Responsibilities:
The position of Supply Chain Risk Analyst will provide risk and opportunity planning, analysis and reporting to include:
· Vulnerability due diligence assessments, Cybersecurity Maturity Model Certification, PMO and source code analysis. To also develop policies and procedures that support customer office and align to risk management framework.
· This team will be responsible for developing the foundational policies and processes to stand up the Cyber Risk Management Team within Agency SOC.
· The position will lead the development of supplier threat and vulnerability assessments related to risk and support change management efforts across the corporation. In addition, individual may support category managers in developing risk assessments across various categories.
· May be required to draft and support all-source intelligence production in compliance with Tradecraft Standards
· Candidate will provide methods to properly communicate the risks applicable to Agency stakeholders and senior management.
· Candidate will create a holistic risk picture for the communications branch and will also provide briefings for senior management on the on the cyber risk posture of Agency.
· Attend and participate in meetings, conferences, and working groups in support of Agency.
· Conduct risk, vulnerability, criticality assessments to prioritize supply chain vendors and their potential impact on Agency’s mission.
· Candidate will assist the Government in conducting reviews and recommendations to aid the government in approving of risk acceptance memorandums, assist with the prioritization of POA&Ms, create risk profiles for all Agency information systems, identify common gaps in the information system compliance to focus holistic funding in support of remediating security findings for multiple systems.
Basic Qualifications:
· Clearance: All Agency SOC employees are required to successfully complete a Agency Background Investigation to support this program
· A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
· Professional writing, editing, and sourcing skills are mandatory in order to be successful in the position
· Ability to apply extensive knowledge of grammar, punctuation, and corporate writing standards in order to edit reports
· Ability to handle multiple tasks and adjust to changing priorities as needed
· Strong attention to details is required
· Past history developing policies and procedures for compliant procurement in an services environment
· Fundamental understanding of supplier quality management processes
· Strong understanding of Risk Management Framework (RMF)
· Strong understanding of NIST 800-161, NIST 800-30, NIST 800-37 or equivalent DoD policies/standards
Required Education/Experience
A Bachelor’s degree and 8 years of applicable experience is required, or a High School diploma + 9 years of applicable experience
Preferred Qualifications:
o Experience in cyber government, and/or federal law enforcement. Experience in Vulnerability scanning and analysis. Experience in financial, CSP and FISMA audits.
o Prior Agency Experience
Freqently Asked Questions
Professionals aiming for a Supply Chain Risk Analyst role in Falls Church often seek certifications like CISSP, CISA, or CRISC, aligning with local federal cybersecurity standards. These qualifications enhance understanding of risk frameworks such as NIST 800-161 and improve candidacy in this security-focused market.
Demand for supply chain risk analysts around Falls Church, VA, is robust due to proximity to federal agencies. However, competition is stiff, with many candidates holding advanced security clearances and specialized experience in cybersecurity risk management, making niche skills critical for standing out.
A Supply Chain Risk Analyst typically synthesizes vulnerability due diligence, risk reporting, and supplier threat assessment, juggling policy development with cross-departmental communications. Mastery in frameworks like RMF and NIST standards is essential to craft comprehensive risk profiles that safeguard mission-critical supply chains.
Advancement often hinges on demonstrated expertise in cyber risk frameworks, supplier quality management, and intelligence production. Analysts with 8+ years or specialized government or federal law enforcement background typically access senior roles, leading strategic risk operations and influencing corporate risk appetite.
Base-One Inc’s role emphasizes integrating cyber risk management within agency SOCs and involves direct engagement with intelligence standards and senior briefings. This blend of operational risk analysis with cybersecurity policy crafting offers a distinct career path compared to typical supply chain analyst positions.
Joining Base-One Inc offers exposure to cutting-edge cyber risk operations within a federal framework, combining vulnerability analysis with strategic policy development. The company's strong agency ties provide unique opportunities to influence national security-related supply chain risk mitigation efforts.
Market data suggests that Supply Chain Risk Analysts in Falls Church, VA, typically earn between $95,000 and $130,000 annually, depending on security clearance, experience, and expertise in federal risk frameworks. Specialized skills in NIST compliance often push compensation toward the higher end.
By identifying supplier vulnerabilities and cyber threats, risk and opportunity assessments enable organizations to prioritize mitigation strategies, allocate resources wisely, and maintain supply chain resilience. This proactive approach supports informed decisions that directly protect mission-critical operations.
Analysts must distill complex cyber risk data into concise, strategic insights, tailoring briefings to highlight potential impacts and recommended actions. Effective communication ensures leadership comprehends risk posture, facilitating timely decisions within fast-evolving security environments.
In Falls Church’s federal ecosystem, analysts apply frameworks like NIST 800-161 and RMF to evaluate vendor risks and inform cyber risk management strategies. This intersection demands a deep understanding of both supply chain logistics and stringent government cybersecurity mandates.
Richmond, VAPopular Searches for Supply Chain Risk Analyst