Supply Chain Risk Management Analyst
Pueo Business Solutions · US
Job description
OVERVIEW: The SCRM Analyst is responsible for assessing supply chain threats and vulnerabilities across hardware, software, services, and vendors, and for driving technical and process controls that reduce risk. This role partners with security, procurement, engineering, and legal teams to ensure suppliers and components meet security, reliability, and compliance requirements throughout the lifecycle.

GENERAL DUTIES:
- Perform technical supply chain risk assessments on vendors, products, software, and services, including dependency and provenance analysis.
- Analyze open source, threat intelligence, and internal data to identify and track supplier-related cyber, geopolitical, and operational risks.
- Evaluate hardware and software for potential vulnerabilities, malicious code, or untrusted components in coordination with security engineering and IT.
- Maintain and refine SCRM risk models, scorecards, and watchlists to prioritize suppliers and technologies for deeper review and continuous monitoring.
- Recommend technical and contractual mitigations (e.g., approved parts lists, alternative sources, additional testing, segmentation) and track implementation status.
- Develop a...