Lead Cyber-Supply Chain Risk Management Specialist

Lead Cyber-Supply Chain Risk Management Specialist

Company:

The Boeing Company

The Boeing Company is seeking a Senior Cyber-Supply Chain Risk Management Specialist (C-SCRM) professional to join our team in Arlington, VA; Berkeley, MO; Mesa, AZ; North Charleston, SC; Ridley Park, PA or Seattle, WA.

The Third Party Risk and Resilience team candidate will be a subject-matter expert in cyber supply chain risk management and emerging frameworks.

They will maintain and evolve the enterprise C-SCRM control framework, lead control implementation and evidence collection for audits and assessments, and create program governance artifacts that align our supply chain cyber risk posture to corporate risk strategy, regulatory requirements, and industry best practices.

Position Responsibilities:

• Maintain and evolve the enterprise C-SCRM control framework and requirements to ensure alignment with corporate risk strategy, regulatory requirements, and industry best practices (including emerging frameworks)

• Lead control implementation verification and evidence collection for internal and external audits, assessments, and certification efforts (customer Request For Information (RFIs), supplier attestations, and third-party assessments)

• Develop and maintain critical program governance documentation to operationalize the C-SCRM lifecycle across internal and external requirements

• Coordinate with procurement, legal, engineering, compliance, security, and supply chain teams to operationalize C-SCRM controls across the supplier lifecycle

• Support mapping and traceability of policies/controls to the organization’s control frameworks and to external standards and assessment frameworks

• Prepare and present evidence packages and narratives for audit, certification, and customer-facing activities; own remediation tracking and closure

• Participate in supplier risk assessments, continuous monitoring activities, and incident/issue management across the supplier ecosystem

• Drive integration of C-SCRM controls into Governance, Risk, and Compliance (GRC) processes and platforms—especially issue management and remediation workflows

• Provide subject-matter guidance on secure software supply chain practices (e.g., Software Bill of Materials (SBOMs) and build/release controls) and supplier software assurance expectations

Basic Qualifications (Required Skills/Experience):

• 5+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery

• 3+ years of experience with cybersecurity and regulatory frameworks including NIST 800-53, NIST 800-171, CMMC, ISO, GDPR, ITAR or similar frameworks

• 3+ years of experience with developing and managing governance and/or leading process improvement

• 3+ years of experience supporting internal and external audits, customer RFIs, certifications, and assessment programs; proven ability to prepare evidence packages and present to auditors/customers

• 1+ years of experience with Governance, Risk and Compliance (GRC), Information Technology (IT) Audit, Information Security, Vulnerability Management, and Compliance

Preferred Qualifications (Desired Skills/Experience):

• Experience with managing multiple concurrent activities and drive cross-functional coordination to closure

• Experience with emerging standards relevant to aerospace/airworthiness and supply chain (e.g., EASA Part IS) and the ability to interpret applicability to C-SCRM programs

• Experience with written and verbal communication skills; ability to translate technical control evidence into clear audit narratives and stakeholder briefings

• Experience with vendor/supplier risk management processes and tools; familiarity with continuous monitoring and threat intelligence feeds as applied to supply chain risk

• Experience with aerospace, defense, or other highly regulated industries

• Experience with automated evidence collection tools, GRC platforms, or supply chain risk monitoring tools

• Experience with securing software supply chain practices

• Experience with supplier security contract language and operationalizing contractual obligations into workstreams

• Certifications such as CISSP, CISM, CISA, or equivalent

Conflict of Interest:

Successful candidates for this job must satisfy the Company’s Conflict of Interest (COI) assessment process.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies. 

Pay & Benefits:

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.  

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations.

Summary pay range: $130,900 – $189,750

Language Requirements:

Not Applicable

Education:

Not Applicable

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position does not require a Security Clearance.

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning