Portland, OR, USA
20 days ago
Cybersecurity Supply Chain Risk Management Analyst

Who We Are

Vigor, a Titan Company, is a values-driven, diversified industrial business operating in six locations with approximately 1,800 people in Oregon, Washington and Alaska. Built around a collection of powerful, unique assets and differentiated capabilities, Vigor excels at specialized shipbuilding, ship repair and handling important, complex projects in support of energy generation, our nation’s infrastructure and national defense.

With deep respect for people and the planet, Vigor strives to be a positive, regenerative force for good – environmentally, in the lives of our employees and in the community. We have built a positive culture that honors the work we do, the workers who do it, and the world we live in.

 

POSITION SUMMARY:
As a Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst, you will be a key member of the Information Security team, reporting directly to the Information Security Director. Your primary responsibility will be to coordinate and conduct evaluations of Supply Chain vendor cyber risk management through the review of vendor cybersecurity questionnaire responses and interaction with Supply Chain vendors. You will work at the enterprise level, overseeing Supply Chain contractual and regulatory flow-downs across our multiple companies. Additionally, you will be building out a program to support our vendors that may need assistance with becoming compliant with NIST 800-171/CMMC and will provide them industry best practices. You will also monitor their cyber compliance posture under a centralized Supply Chain Risk Management Plan that you will develop, implement, and manage. You will operate within general parameters but must exercise sound judgment and independent decision-making. This role includes the responsibility to oversee the implementation of Information Security measures in line with established government and contract mandates.

 

ESSENTIAL FUNCTIONS AND MAJOR RESPONSIBILITIES:

(This list is not intended to detail all aspects of the assigned work but is representative of the job’s overall responsibilities.) 

Coordinate the review of vendor cybersecurity questionnaire responses.
Conduct vendor interviews to identify posture and progress in relation to NIST SP 800-171 / CMMC compliance, document responses in the ERP system, and provide risk recommendations related to the sharing of Controlled Unclassified Information (CUI).
Develop and implement the program to support supply chain vendors needing assistance with compliance.
Develop and manage the Supply Chain Risk Management Plan in accordance with NIST SP 800-171r3 regulatory requirements.

 

CORE COMPETENCIES: 

Understand the requirements of, and have worked with, NIST SP 800-171 / CMMC, and be able to articulate requirements and evaluate vendor postures.
Identify cybersecurity deficiencies, develop compliant risk mitigation strategies and effectively convey them to vendors.
Evaluate, contribute to and technically write IT and Information Security governance.
Stay informed on the latest security threats and recommend improvements to enterprise and vendor postures.
Collaborate with colleagues, manage projects independently, and prioritize risk reduction efforts.

 

KNOWLEDGE, SKILLS, AND ABILITIES:  

Familiarity with modern adversary tactics, cyber threat mitigation strategies and emerging security technologies.
Understand and deliver best practice procedures and appropriate mitigating or remediating controls.
Ability to perform technical security assessments of large, complex systems.
Self-motivated with ability to operate independently and to adapt to a dynamic operating environment.
Strong interpersonal skills for effective collaboration with customers, employees, and management.

 

EDUCATION AND/OR EXPERIENCE:

U.S. Citizenship
Experience with implementing, evaluating and/or auditing NIST 800-171/CMMC required.
Role is hybrid in the greater Portland, Oregon area. Candidate must reside in Oregon or Washington. Travel may occur up to 10%.
5 years of experience with a bachelor’s degree in Computer Science, Engineering, Information Technology, Cybersecurity or equivalent, or 10 years of related technical experience (required)
3+ years of experience in Information Security
Experience contributing to Information Security solutions, scope, and architecture
Significant experience with Information Security technologies, including vulnerability scanning tools, SIEMs, endpoint protection tools, DLP, and IDS/IPS tools

 

CERTIFICATES, LICENSES AND REGISTRATIONS:   
In accordance with DoDD 8140.01, candidate must possess at least one active qualifying professional certification for compliance with IAT Level III at time of hire.

 

Vigor Values

Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.

Truth: We seek the truth, and we speak the truth
Responsibility: We act on what we know is right
Evolution: We seek mastery, and adapt to a changing world
Love: We care about the people we work with, and the world we live in

At Vigor we offer a generous benefits package that includes: 

Medical

RX

Dental

Vision

Life

AD&D

LTD

STD

EAP

Discretionary bonus

Tuition Reimbursement

FSA (Medical, Childcare, Transportation)

10 paid holidays

PTO

401(k)

Vigor and its wholly owned subsidiaries provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veterans, age, disability or genetics. In addition to federal law requirements, Vigor complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, benefits, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. 
