Senior Supply Chain Risk Analyst

We are looking for a Senior Supply Chain Risk Analyst. As a Senior Supply Chain Risk Analyst, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems.

In this role, you will be responsible for identifying, assessing, and mitigating risks posed across the organization’s supply chain. You will be the frontline defender, proactively identifying and conquering risks across our third-party ecosystem. This isn't just compliance—it's about safeguarding the future of our innovation. You will play a critical role in protecting our organization from supply chain-related threats by evaluating third parties’ security posture, identifying control gaps, and ensuring compliance with regulatory and industry standards. Bring your powerful background in cybersecurity, supply chain mastery, and international compliance frameworks to make a monumental impact.

Responsibilities:

• Risk Assessment: Conduct comprehensive security risk assessments of new and existing third party third parties, including SaaS providers, cloud services, hardware s, and critical business partners.
• Due Diligence: Issue and evaluate security questionnaires, review external audit reports (e.g., SOC 2 Type 2, ISO 27001), and perform technical and physical security reviews (remote or on-site) for software, hardware, and services providers.
• AI Data Protection: Evaluate and ensure third parties adhere to organizational policies and best practices for the protective use and governance of data in AI systems and software, minimizing risk exposure.
• Supply Chain Risk Expertise: Maintain expertise in and actively address known supply chain risk types, including FOCI (Foreign Ownership, Control, or Influence), data theft & exposure, software and hardware backdoors/intrusion, counterfeit products, forced labor, geopolitical/trade disruptions, malware infection vectors and environmental.
• Risk Mitigation: Partner with supply chain, legal, procurement, and business teams to identify third party risks and recommend appropriate risk treatment and remediation action plans.
• Vetting: Assist in refining and maintaining a program to manage global supply chain risks, ensuring the integrity and security of hardware, software, and services from our third parties.
• Compliance Monitoring: Monitor third party relationships to ensure ongoing compliance with company policies, regulatory requirements (e.g., NIST, CMMC Level 2, GDPR, EAR, ITAR, UFLPA), and international government supply chain security programs such as CTPAT, AEO, and others.
• Incident Response: Serve as the first point of contact for third party security incidents, assisting with investigations and managing the response to minimize impact on the organization.
• Risk Metrics & AI Modeling: Develop, build, and continuously improve the supply chain security and TPRM function by streamlining and automating processes, maintaining a third party inventory, developing key performance and risk metrics, and supporting AI modeling initiatives for predictive risk analysis.
• Collaboration: Partner with internal stakeholders to raise awareness about third party integration risks and communicate the results of risk assessments to ensure appropriate implementation of controls.

You’d be a good fit with:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, Supply Chain Management, Criminal Justice, Business or a related field.
• 4+ years of experience in a third party/supply chain risk management, supply chain security, cyber security, physical security, product security and/or information security role.
• Strong understanding of information security principles and controls, including data protection, access management, and application security.
• Proven experience conducting security reviews for software, hardware, and services providers in the third party supply chain.
• Experience in quantitative analysis, including metrics development, data visualization, and supporting AI/ML model development.
• Experience with understanding and addressing known supply chain risk types (e.g., FOCI, data theft & exposure, software and hardware backdoors/intrusion, counterfeit product, forced labor, geopolitical/trade disruptions, malware).
• Familiarity with key security frameworks and standards such as ISO 27001, NIST 800-53, NIST 800-171, SOC 2 Type 2, FedRamp.
• Exceptional verbal and written communication skills, with the ability to clearly articulate complex security concepts to diverse audiences.
• Excellent investigative skills.
• Strong analytical, problem solving, attention to detail and organizational skills.

You’d be a great fit with:

• Relevant security certifications (e.g., CISA, CISSP, CPP, PSP, PSC) are a plus.
• Direct experience with international government supply chain security programs such as CTPAT (Customs Trade Partnership Against Terrorism), AEO (Authorized Economic Operator), or similar initiatives.
• Familiarity with key security frameworks and standards such as CMMC Level 2.
• Direct work experience with trade compliance, business continuity planning and/or forced labor programs.
• Skilled in prompt engineering and leveraging Generative AI models for efficient and work improvement.
• Knowledge of supply chain operations, logistics, and third party management best practices.
• Experience with conducting architectural reviews, penetration tests, and hardware security analyses.
• Specific knowledge of data security requirements and governance models for AI/ML development and deployment.
• A proactive mindset and a passion for integrating new technologies into security based solutions.

Location: This position can work onsite or hybrid from one of our offices (College Park, MD, Bothell, WA) or fully remote in the US.
Travel: Up to 15-25%
Job ID: 1423

The approximate base salary range for this position is $110,336 - $144,459. The total compensation package includes base, bonus, and equity.