Cybersecurity IV&V and Supply Chain Security (C-SCRM) Lead

Job Locations US-Remote / Telework
Job ID 2025-4659
Type Regular Full-Time

Position Description

Valiant Solutions is seeking a Cybersecurity IV&V and Supply Chain Security (C-SCRM) Lead to join our rapidly growing and innovative cybersecurity team!

 

The Cybersecurity IV&V / C-SCRM Lead will serve as the senior technical and advisory lead supporting our government client’s Independent Verification and Validation (IV&V) and Third-Party Cyber Risk Management program. This position represents a unique hybrid of compliance oversight, risk analytics, and supply chain cybersecurity assurance, supporting the client’s enterprise objective of continuously assessing and mitigating risks across systems and services operated by external providers.

 

The successful candidate will provide expert guidance on evaluating third-party vendors, authorization packages, and control implementations, ensuring all security and privacy requirements are properly verified and validated. This individual will lead the technical team responsible for executing reviews under the IV&V methodology and playbooks, driving risk-based decision-making, and developing process and tooling enhancements to support automation and continuous monitoring. The Lead will engage closely with senior client stakeholders, ensuring transparency, accuracy, and defensibility of all findings and recommendations that support the client’s Authorization to Operate (ATO) and Continuous Monitoring processes.

 

Named one of the Best Places to Work in the Washington DC area for 11 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

 

This position allows for 100% remote work. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. 

 

Required Qualifications

  • U.S. Citizenship and the ability to pass a federal background investigation.
  • 8+ years of progressive cybersecurity experience, including at least 5 years in governance, risk, and compliance (GRC) roles performing system or vendor security assessments under NIST SP 800-53, SP 800-171, or equivalent frameworks.
  • Advanced degree in a technical/cyber-related field. Direct experience or directly relevant certifications may substitute for the academic credentials.
  • 3+ years of direct Cyber Supply Chain Risk Management (C-SCRM) experience, including vendor due diligence, third-party risk assessments, and continuous monitoring.
  • Proven experience leading or performing Independent Verification and Validation (IV&V) activities for federal information systems or third-party services.
  • Demonstrated understanding of the NIST Risk Management Framework (RMF), FedRAMP authorization processes, and Zero Trust Architecture principles.
  • Proficiency with risk-monitoring and external intelligence platforms (e.g., Bitsight, SecurityScorecard, UpGuard) and GRC systems (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
  • Exceptional written and verbal communication skills with experience preparing assessment reports, executive summaries, and policy documentation suitable for senior-level review.
  • Strong analytical and organizational skills; ability to synthesize complex technical and compliance data into clear, actionable findings.

 

Required Certifications (Must have at least one of the following)

  • CISSP – Certified Information Systems Security Professional
  • CISM – Certified Information Security Manager
  • CISA – Certified Information Systems Auditor
  • CTPRP – Certified Third-Party Risk Professional
  • CTPRA – Certified Third-Party Risk Assessor

 

Preferred Qualifications

  • Experience developing or enhancing IV&V methodologies and C-SCRM playbooks aligned to NIST SP 800-161 Rev. 1 and NIST SP 800-53A.
  • Familiarity with authorization and continuous monitoring processes, including POA&M validation, Secure Baseline Configuration Guide reviews, and third-party authorization workflows.
  • Experience assessing cloud and SaaS environments against FedRAMP or ISO 27001 baselines.
  • Demonstrated ability to integrate data from automated risk scoring, vulnerability management, and cyber threat intelligence tools to support risk correlation and prioritization.
  • Experience developing policies, SOPs, and training materials to institutionalize supply-chain risk management practices across an enterprise.
  • Strong presentation skills with the ability to brief executives on risk posture, trends, and mitigation recommendations.

 

Responsibilities:

  • Serve as the lead technical advisor for the government client’s Third-Party Cyber Risk Management (TPCRM) and IV&V efforts, overseeing the quality, completeness, and accuracy of all deliverables, including Risk Assessments, Authorization Package Reviews, and IV&V Reports.
  • Oversee and enhance the IV&V Methodology and associated playbooks (Third-Party Cyber Risk, POA&M Processing, Secure Baseline Configuration Guide Reviews), ensuring alignment with evolving NIST, OMB, and Executive Order directives, as well as client cybersecurity and privacy standards.
  • Conduct and supervise reviews of third-party security authorization packages to confirm compliance with NIST SP 800-53 controls, FedRAMP baselines, and agency-specific standards; map and normalize non-NIST frameworks as needed.
  • Lead continuous monitoring analysis and automation initiatives using platforms such as Bitsight and the client’s Enterprise GRC tool to maintain near real-time risk visibility into external service providers.
  • Analyze and correlate data from external monitoring tools, vulnerability reports, and vendor attestations to develop consolidated third-party risk profiles and actionable remediation recommendations.
  • Provide expert analytical and advisory support on risk quantification, residual risk determination, and control validation for systems outside the government’s operational control.
  • Collaborate with policy and governance stakeholders to develop and refine C-SCRM policies, SOPs, and quality assurance frameworks that integrate seamlessly into the broader cybersecurity governance model.
  • Produce and present executive-level briefings, quarterly lessons-learned summaries, and trend analyses highlighting risk themes, control maturity, and opportunities for process improvement.
  • Mentor junior assessors and analysts to ensure consistent analytical rigor and adherence to the client’s IV&V and TPCRM standards.
  • Support program management functions, including review scheduling, maintaining master review schedules, and ensuring all deliverables are complete, correct, clear, concise, and compliant.

 

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

 

Benefits Snapshot (includes, but is not limited to)

  • Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees
  • Valiant contributes 25% towards Health Coverage for Family and Dependents
  • 100% Paid Short-term Disability and Life Insurance Policy for Full-time Employees
  • 100% Paid Certifications
  • 401K Matching up to 4%
  • Paid Time Off
  • Paid Federal Holidays
  • Paid Time On – 40 hours to pursue innovation
  • Wellness & Fitness Program
  • Valiant University – Online Education and Training Portal
  • Reimbursement for Public Transit and Parking
  • FSA programs for: Medical Costs, Dependent Care, Transit, and Parking
  • Referral Bonuses

 

The salary range for this position is a general guideline and not a guarantee of compensation. It has been benchmarked against the scope of the role, market rates, and internal equity. The salary for this role is expected to be in the $130,000 - $145,000 range. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role includes the benefits described below. Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice. 

 

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that aligns with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and may be required during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current outside employment or other professional activities, and obtain written approval. Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

 

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

 

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistently operating a computer. Frequent communication and exchange of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

 

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

 
