Supply Chain Risk Management Audit Analyst

ECS

Posted today

Job Requirements

Fairfax, VA
Clearance: Secret
Polygraph: Unspecified
Career Level not specified
Salary not specified

Job Description
Everforth ECS is seeking a Supply Chain Risk Management Audit Analyst to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Supply Chain Risk Management Audit Analyst supports WDP's enterprise SCRM program by conducting structured, evidence-based security assessments of third-party vendor documentation and audit artifacts across classified and unclassified environments. This role directly strengthens WDP's mission assurance posture by evaluating vendor compliance, surfacing supply chain risk conditions, and maintaining audit-ready evidence packages that support RMF authorization decisions and government oversight requirements across the full WDP software and services portfolio.

• Performs detailed supply chain security review activities supporting DoW information systems across unclassified and classified environments.
• Conducts structured analysis of third-party vendor security documentation, evaluating cybersecurity controls, governance practices, and risk management approaches against DoW and federal requirements.
• Reviews independent audit artifacts including SOC reports, ISO certifications, penetration test summaries, and vendor attestations to assess adequacy of security safeguards and control implementation.
• Validates vendor responses to security questionnaires, due diligence requests, and contractual security clauses, identifying gaps, inconsistencies, and residual risk conditions.
• Coordinates with Supply Chain Risk Management leadership, contracting personnel, system owners, and cybersecurity teams to document findings and support remediation planning.
• Tracks vendor security deficiencies, corrective actions, and closure status within risk registers, assessment repositories, and continuous monitoring dashboards.
• Prepares assessment summaries, deficiency reports, and supporting documentation for Risk Management Framework activities, authorization decisions, and leadership briefings.
• Maintains organized evidence packages within SharePoint and approved document management systems to support audits and inspections.
• Monitors emerging supply chain threats, government advisories, and policy updates to inform assessment criteria and review focus areas.
• Contributes to improved third-party risk visibility, stronger vendor accountability, and sustained mission assurance while reinforcing program values of diligence, transparency, consistency, and disciplined risk oversight.
• Performs other duties as assigned.

Required Skills

• Current Secret security clearance.
• A minimum of 3 years of experience in supply chain risk management, third-party security assessment, cybersecurity compliance, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated ability to evaluate vendor security documentation and produce audit-ready assessment artifacts in support of RMF authorization activities.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Familiarity with Software Bill of Materials (SBOM) development, maintenance, and analysis, including experience tracking transitive software dependencies across the full system development lifecycle in support of enterprise SCRM governance requirements.
• Hands-on experience using eMASS or comparable RMF authorization management platforms to document supply chain risk findings, maintain Plans of Action and Milestones, and support continuous monitoring and authorization portfolio management activities.
• Experience reviewing and interpreting third-party independent audit artifacts - including SOC 2 Type II reports, ISO 27001 certifications, and penetration test summaries - within the context of DoW or federal security compliance frameworks, including NIST SP 800-161 and DoDI 5200.44.
• Familiarity with Attribute-Based Access Control (ABAC), Zero Trust architecture principles, and AI/ML software supply chain risk considerations, with the ability to apply these concepts to vendor assessments involving commercial, government, and open-source technology components integrated into mission-critical data and AI platforms.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A

Job Category
Management
Clearance Level
Secret
Employer
ECS