FCC - SCRM/Emerging Technology Security Analyst

cFocus Software seeks a SCRM/Emerging Technology Security Analyst to join our program supporting the Federal Communications Commission (FCC). This position is remote. This position requires the ability a Public Trust clearance.Qualifications: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.3–7+ years of experience in cybersecurity, risk management, or supply chain security.Experience supporting enterprise cybersecurity environments of similar scale and complexity.Knowledge of NIST frameworks (RMF, CSF), FISMA, and federal security standards.Experience with third-party risk management, vendor assessments, or SCRM programs.Familiarity with AI/ML security risks and emerging cybersecurity trendsStrong analytical and risk assessment capabilitiesKnowledge of supply chain threats and mitigation strategiesUnderstanding of AI/ML security risks and governanceExperience with security documentation and reportingExcellent communication and stakeholder coordination skillsRequired Certifications At least one relevant cybersecurity certification such as:CISSP, CISM, or Security+Certified in Risk and Information Systems Control (CRISC)Certified Supply Chain Professional (CSCP) or equivalent (preferred)Additional role-based certifications related to cloud, AI security, or risk management are desirable..Duties: Support Supply Chain Risk Management (SCRM) activities including analysis of third-party/vendor risks, documentation, and mitigation strategies.Assess risks associated with emerging technologies including AI, automation, and cloud-based services.Provide risk-informed recommendations for secure adoption of new technologies.Support development and maintenance of SCRM documentation, policies, and processes.Conduct security reviews of vendors, software, and emerging platforms.Analyze cybersecurity threats related to supply chain and emerging technologies.Collaborate with compliance, engineering, SOC/NOC, and risk teams.Support reporting activities including SCRM status reports, risk registers, and audit artifacts.Identify gaps in SCRM and emerging technology security practices and recommend improvements.Assist with governance and compliance activities aligned to NIST, FISMA, and federal cybersecurity frameworks.Powered by JazzHR