CRG is seeking a Senior Program Manager to lead Cybersecurity Supply Chain Risk Management (C-SCRM) Program, ensuring that risks associated with third-party information and communications technology (ICT) and operational technology (OT) suppliers are identified, assessed, and mitigated. This role requires strategic vision, expertise in cybersecurity and supply chain risk, and the ability to coordinate across multiple stakeholders including internal and external federal government partners, industry, and other federal agencies and interagency organizations.

• Work in close collaboration with the Department's C-SCRM Director under the auspices of the Office of the Enterprise Chief Information Security Officer (E-CISO).
• Establish/manage program goals, performance metrics, and reporting mechanisms to measure Program effectiveness in support of the State Department's C-SCRM Strategic Plan and Roadmap and in alignment with federal mandates/directives (eg, NIST SP 800-161, EO 14028).
• Provide executive-level briefings and recommendations to senior leadership.
• Identify, assess, prioritize, and mitigate C-SCRM Program risks to ensure the Program's overall success and progress.
• Collaborate with State Department bureaus, offices, and posts, other federal agencies, and external partner organizations to grow and strengthen the Department's C-SCRM Program.
• Represent and serve as a program leader in interagency cross-departmental and/or working groups efforts.
• Manage cross-functional teams, budgets, and schedules to deliver on-time, high-quality products and services in support of the Program's goals and objectives.
• Drive the adoption of best practices in project management, risk management, acquisition management, and supply chain risk management assessments.
• Develop project scopes and objectives, involving all relevant stakeholders and ensuring technical feasibility.
• Experience communicating clearly and effectively in both writing and verbally to audiences with differing levels of technical understanding.
• Excellent client-facing and internal communication skills
• Outstanding organizational skills including attention to detail, providing quality control, and multi-tasking skills.

On-site/Hybrid. Main office located in Washington, DC

• Active Secret Clearance required.
• Bachelor's Degree in Information Technology, Computer Science, or related field (Master's is preferred).
• Project Management Institute (PMI) Project Management Professional (PMP) Certification is preferred.
• 10+ years in program/project management. Some cybersecurity or supply chain risk management experience preferred.
• Experience leading strategic planning and process improvement initiatives.
• Technical experience with cloud platforms and cloud-based IT solutions and technologies.
• Excellent leadership, communication, customer services, and organizational skills.
• Technical certification related to business transformation technology is preferred (ie, Microsoft Power Platform).
• 5+ years of experience specifically leading projects for the (DOS) is preferred.
• Strong understanding of federal acquisition regulations, contract management, including acquisitions processes.
• Demonstrated self-starter with a high level of energy, proven record as a team player, outstanding communicator with demonstrated political savvy, unquestionable integrity, credibility, and character, strong leadership, team-building, critical thinking, and problem-solving skills.

Ongoing events continue to affect the global industrial base and compromise to federal networks have increased the urgency of C-SCRM in building and maintaining trust and assurance in the products, services and suppliers of information communications technology (ICT) and operational technology (OT) for the Department of State.

Cyber supply chain risks, associated with an organization's decreased visibility into and understanding of how information, communications, and ICT/OT are acquired, developed, integrated, and deployed; and how the services acquired are delivered. C-SCRM risks are also associated with processes, procedures and practices used to ensure the security, quality, integrity (authenticity) and resiliency of product, service or source of products and services.

C-SCRM risks may include, but are not limited to, the insertion of counterfeits, unauthorized production, malicious insider threats, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the cyber supply chain.

C-SCRM risks pose the potential for loss in confidentiality, integrity, or availability of information or information systems and reflect the potential for adverse impact on the Department and its mission.

Full-time employees are eligible for 401(k) and Roth retirement plans, Medical, Dental, and Vision Insurance (for employees and families), Supplemental Insurance, 11 Federal Holidays, and at least three weeks of Paid Time Off (PTO), including sick and personal leave.

CRG is an equal opportunity employer. We make employment decisions based on merit, qualifications, and business need. All qualified applicants receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other state or federally protected category.