Cyber Security Analyst

Company:  LHH
Location: Vancouver
Closing Date: 28/10/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description

Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst

Location: Portland, OR (Hybrid)


LHH is partnering with a leading industrial business in Portland, Oregon, to find an exceptional Cybersecurity Supply Chain Risk Management (C-SCRM) Analyst. Our client operates across multiple locations, providing vital support for infrastructure, defense, and energy projects. They are committed to building a values-driven culture that prioritizes sustainability, employee well-being, and community engagement.

As a C-SCRM Analyst, you’ll be a key member of the Information Security team, helping ensure the security and compliance of the supply chain. This is a fantastic opportunity for a cybersecurity professional with experience in supply chain risk management and expertise in NIST 800-171 and CMMC compliance.


Key Responsibilities:

  • Engage with suppliers to educate them on new cybersecurity requirements and ensure they meet federal contract compliance standards.
  • Coordinate the review of vendor cybersecurity questionnaire responses and conduct interviews to assess compliance with NIST SP 800-171 / CMMC requirements.
  • Develop and manage the Supply Chain Risk Management Plan, overseeing supplier compliance and implementing corrective actions as needed.


Top Responsibilities:

  • Supplier Engagement & Education (40%): Communicate with suppliers, educating them on cybersecurity requirements and ensuring they are compliant with regulations.
  • Vetting & Monitoring Compliance (40%): Perform recurring supplier vetting to ensure ongoing compliance with federal contracts and NIST 800-171 standards.
  • Program Development & Management (20%): Build and maintain a program to support suppliers in achieving compliance and managing cybersecurity risks.


About the Role:

This is a hybrid role, based in the Portland, OR area, with occasional travel (up to 10%) to various locations. You will work closely with cross-functional teams, providing expert guidance on cybersecurity compliance and managing risk across the supply chain. You’ll be instrumental in implementing technical solutions to protect the company’s operations and ensuring vendors remain compliant with national cybersecurity standards.


Qualifications:

  • 5+ years of experience with a Bachelor’s degree in Computer Science, Engineering, IT, Cybersecurity, or a related field, or 10+ years of related technical experience.
  • 3+ years of experience in Information Security, contributing to security solutions, scope, and architecture.
  • Experience with NIST SP 800-171/CMMC and conducting technical security assessments of large, complex systems.
  • Familiarity with cybersecurity technologies, including vulnerability scanning tools, SIEMs, endpoint protection tools, DLP, and IDS/IPS tools.
  • U.S. Citizenship required.
  • Active IAT Level III certification (DoDD 8140.01) and CISSP.


Core Competencies:

  • In-depth understanding of NIST SP 800-171/CMMC compliance standards.
  • Ability to identify and mitigate cybersecurity risks, providing expert guidance to vendors.
  • Excellent communication and interpersonal skills to collaborate with suppliers, internal teams, and leadership.
  • Strong project management skills to oversee program development and supplier compliance.


Why Work for Our Client?

Our client offers a flexible schedule and a strong, collaborative team environment. They are committed to being a regenerative force for good, and you will have the chance to be part of an organization that values sustainability, innovation, and positive impacts on the community and environment.


Benefits: Benefit offerings include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and 401K plan. Our program provides employees the flexibility to choose the type of coverage that meets their individual needs. Available paid leave may include Paid Sick Leave, where required by law; any other paid leave required by Federal, State, or local law; and Holiday pay upon meeting eligibility criteria.

Applicants must be authorized to work for any employer in the U.S. and sit stateside. Our client is unable to sponsor or take over sponsorship of an employment Visa at this time.


**Please no C2C applicants**

To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit


How to Apply:

If you're passionate about cybersecurity and have experience working with NIST 800-171 and CMMC compliance, we encourage you to apply today. This is an opportunity to be part of an organization that values truth, responsibility, and continuous improvement.
