Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

You may search job titles by skills within selected career category
Information System Security Officer (ISSO)
Chief Information Security Officer (CISO)
Information Security (IS) Auditor
Security Architect
Security Automation Engineer
Secure Software Assessor
Information Systems Security Developer
Operational Technology Systems Analyst
Security Engineer
Supply Chain Security Analyst Security Testing and Evaluation Specialist
Identity Management & Authentication Support Specialist
Encryption / Key Management Support Specialist
Data Privacy Specialist
Cybersecurity Operations Technician
Cybersecurity Incident Responder
Cybersecurity Malware Specialist
Digital Forensics Analyst
Cybersecurity Operations Analyst
Vulnerability Assessment Analyst
Information Systems Security Manager - Cybersecurity Operations
Threat Hunter
Cybersecurity Operational Technology Incident Responder
Penetration Tester
Data Scientist (AI)
Systems Analyst
User Interface Designer
Data Scientist (Tech)
Architectural Designer
Project Manager
Legal Compliance Officer
IT Auditor
Automation Process Engineer
IT Author / Technical Writer
Clinical Researcher / Coordinator
Machine Learning Engineer
Social Media Manager
Systems Engineer
Computer Vision Engineer
IT Service Manager
Data Analyst
Product Manager
Policy Analyst
Learning and Development Specialist
Cognitive Copywriter
Front End Developer
Technical Recruiter
Business Analyst
User Experience Designer
Full Stack Developer
Data Engineer
Software Engineer
Deep Learning Engineer
Medical Coder/Programmer
Human Resources Analyst
Robotics Process Analyst
Online/Digital Learning Developer
Network and Systems Administrator
Systems Architect
Tech Sales and Customer Service
Graphic and Animation Designer
IT Program Manager
Web Developer
Business Intelligence Analyst
IT Procurement Officer
Digital Marketing / Communications

Supply Chain Security Analyst



Job Description

Other Titles Include

  • Cybersecurity analyst
  • Supply chain integrity analyst

Note: This role is most commonly found in large or medium-sized organizations.

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Has the primary responsibility to collect and analyze data to identify cyber security flaws and vulnerabilities in an organization’s supply chain operations, and to provide advice and guidance to help reduce these supply chain risks.

Duties and responsibilities

  • Collaborate with key stakeholders to establish an effective cybersecurity risk management program
  • Ensure compliance with the changing laws and applicable regulations
  • Develop and implement plans that are aligned to the organizational objectives and security requirements
  • Collect and analyze supply chain relevant information to identify and mitigate flaws and vulnerabilities, including component integrity, in an organization’s computer networks or systems
  • Analyze system hardware and software configurations
  • Recommend hardware, software, and countermeasures to install or update based on cyber threats and security vulnerabilities
  • Coordinate with colleagues to implement changes and new systems
  • Track and report on cyber threats and security vulnerabilities that impact supply chain performance
  • Define, develop, implement, and maintain cyber security plans, policies and procedures
  • Ensure compliance with cyber security policies, regulations, and procedures of the organization
  • Ensure compliance with security requirements of organization networks and systems
  • Develop and maintain risk assessments and related reports on vendors, products and services
  • Define and maintain tool sets and procedures that support supply chain integrity
  • Prepare technical reports
  • Develop, deliver, and oversee related cybersecurity training material and educational efforts related to cybersecurity and supply chain integrity

Tools and Technology

  • Strategic and business plans
  • Threat and risk assessments
  • Vulnerability management processes and vulnerability assessment tools and applications
  • Incident management processes and procedures
  • Organizational security infrastructure and reporting systems Security event and incident management systems and/or incident reporting systems and networks,
  • Cybersecurity risk management processes & policies across the supply chain
  • Third party and service level agreements and contracts


Basic application of the following KSAs:

  • Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel) 
  • Preventative technical, operational and management controls available and organizational responsibilities for those controls
  • Sector/context relevant threats, business needs and technical infrastructure
  • Project management and security requirements throughout the project life-cycle
  • Procurement processes and security requirements

Advanced application of the following KSAs:

  • Organizational security infrastructure including protective and defensive systems across the supply chain
  • Cybersecurity threat landscape and threat intelligence sources for supply chain threats.
  • Legal and compliance requirements as they extend to organizational third-party arrangements
  • Vulnerability analysis and tools
  • Advanced security information and data security analysis and techniques;
  • Functional and technical design of networks and system, and cyber security solutions;
  • Risk management processes, responsibilities and authorities within the organization and across the supply chain;
  • Third party risk management and liability
  • System life cycle management principles, including software security and usability;
  • Current national supply chain processes

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate


Education. Post-secondary education in a cyber or IT related field (e.g.; Computer engineering, Computer Science, Information Technology, Business Technology Management – Digital Security or equivalent training and experience)

In addition to formal training in cybersecurity analysis, specialized training and skills in vulnerability analysis and supply chain threats required.


To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate


Individuals employed in this role can have diverse levels of cyber security expertise. Requested experience will depend on the organizational need and complexity of systems to be analyzed.

Typically drawn from cybersecurity analysis roles (e.g. Cybersecurity operations analyst, vulnerability analyst, etc.) this role can nonetheless be assumed by a broad cross-section of professionals who can assess and provide insights on the potential supply chain threats. This includes those who may specialize in human factors aspects of supply chain (e.g. close access, insider threat).

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.