Cyber Risk Intern - Supply Chain Risk Management

Description

Overview:

The Cyber Risk Intern - Supply Chain Risk Management position at Leidos is open to current undergraduate or graduate students who have completed at least their junior year in a bachelor's degree program. The internship offers the opportunity to engage in meaningful work with Leidos' Cyber Supply Chain Risk Management (C-SCRM) team. The intern will assist with assessing cybersecurity risks posed by third-party suppliers who store, process, or otherwise handle key information assets. The role involves collaborating with staff across the organization and suppliers to ensure established procedures are met and to drive process improvements.

Key Opportunities:

• Gain practical experience in identifying and managing cyber risks posed by third-party suppliers.
• Assess and manage AI-related risks in the supply chain.
• Leverage critical thinking to identify and deliver opportunities for process improvement.
• Develop expertise in streamlining procedures and implementing automation.

• Assist with the supplier cyber risk assessment process, including evaluating risk levels, recommending risk mitigations, and tracking supplier risk remediation plans.
• Prepare comprehensive supplier risk assessment reports and work instructions.
• Contribute to supplier risk management processes and communicate risk-related information to stakeholders effectively.
• Collaborate with cross-functional teams in assessing and communicating risks.

• Currently pursuing a bachelor's or master's degree in information technology, cybersecurity, or a related field, maintaining a minimum 3.5 GPA.
• Must have completed junior year in a bachelor's degree program.
• U.S. Citizenship.
• Ability to work effectively in a remote setting while ensuring timely completion of projects and assignments.
• Self-motivated with a strong ability to independently analyze technical issues and develop effective solutions.
• Excellent written and verbal communication skills.
• Strong passion for cybersecurity, demonstrated through academic projects, coursework, or relevant certifications.
• Obtained at least one relevant cybersecurity certification such as CompTIA Security+, Certified Ethical Hacker (CEH), Cisco Certified CyberOps Associate, etc.
• Proficient in computer networking and network security, including understanding of ports, protocols, encryption, and ability to analyze network security diagrams and data flow charts.

• Additional relevant security certifications (e.g., from ISC2, ISACA, SANS, AWS, Microsoft).
• Knowledge of federal standards like NIST SP 800-53. 800-171, CMMC, NIST CSF, etc.
• Understanding of cloud deployment models (SaaS, IaaS, PaaS).
• Experience with cybersecurity tools and technologies.
• Knowledge of operating systems from a security perspective.
• Experience in incident response and threat resolution.
• Strong communication skills, capable of explaining technical concepts to varied audiences.
• Familiarity with programming languages for cybersecurity (Python, Java, PowerShell) is a plus.