Senior Supply Chain Risk Analyst

We are looking for a Senior Supply Chain Risk Analyst. As a Senior Supply Chain Risk Analyst, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems. 

In this role, you will be responsible for identifying, assessing, and mitigating risks posed across the organization’s supply chain. You will be the frontline defender, proactively identifying and conquering risks across our third-party ecosystem. This isn't just compliance—it's about safeguarding the future of our innovation. You will play a critical role in protecting our organization from supply chain-related threats by evaluating third parties’ security posture, identifying control gaps, and ensuring compliance with regulatory and industry standards. Bring your powerful background in cybersecurity, supply chain mastery, and international compliance frameworks to make a monumental impact.

Responsibilities: 

• Risk Assessment: Conduct comprehensive security risk assessments of new and existing third party third parties, including SaaS providers, cloud services, hardware s, and critical business partners.
• Due Diligence: Issue and evaluate security questionnaires, review external audit reports (e.g., SOC 2 Type 2, ISO 27001), and perform technical and physical security reviews (remote or on-site) for software, hardware, and services providers.
• AI Data Protection: Evaluate and ensure third parties adhere to organizational policies and best practices for the protective use and governance of data in AI systems and software, minimizing risk exposure.
• Supply Chain Risk Expertise: Maintain expertise in and actively address known supply chain risk types, including FOCI (Foreign Ownership, Control, or Influence), data theft & exposure, software and hardware backdoors/intrusion, counterfeit products, forced labor, geopolitical/trade disruptions, malware infection vectors and environmental.
• Risk Mitigation: Partner with supply chain, legal, procurement, and business teams to identify third party risks and recommend appropriate risk treatment and remediation action plans.
•  Vetting: Assist in refining and maintaining a program to manage global supply chain risks, ensuring the integrity and security of hardware, software, and services from our third parties.
• Compliance Monitoring: Monitor third party relationships to ensure ongoing compliance with company policies, regulatory requirements (e.g., NIST, CMMC Level 2, GDPR, EAR, ITAR, UFLPA), and international government supply chain security programs such as CTPAT, AEO, and others.
• Incident Response: Serve as the first point of contact for third party security incidents, assisting with investigations and managing the response to minimize impact on the organization.
• Risk Metrics & AI Modeling: Develop, build, and continuously improve the supply chain security and TPRM function by streamlining and automating processes, maintaining a third party inventory, developing key performance and risk metrics, and supporting AI modeling initiatives for predictive risk analysis.
• Collaboration: Partner with internal stakeholders to raise awareness about third party integration risks and communicate the results of risk assessments to ensure appropriate implementation of controls.

You’d be a good fit with: 

• Bachelor'