Senior Supply Chain Risk Analyst

Описание вакансии

About IonQ:

IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum company delivering solutions to solve the world’s most complex problems. IonQ’s newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, are the latest in cutting-edge systems that have been helping customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results. The company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance in 2025.

The company is accelerating its technology roadmap and intends to deliver the world’s most powerful quantum computers with 2 million qubits by 2030 to accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. IonQ’s advancements in quantum networking position the company as a leader in building the quantum internet.

We are looking for a Senior Supply Chain Risk Analyst. As a Senior Supply Chain Risk Analyst, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems.

In this role, you will be responsible for identifying, assessing, and mitigating risks posed across the organization’s supply chain. You will be the frontline defender, proactively identifying and conquering risks across our third-party ecosystem. This isn't just compliance—it's about safeguarding the future of our innovation. You will play a critical role in protecting our organization from supply chain-related threats by evaluating third parties’ security posture, identifying control gaps, and ensuring compliance with regulatory and industry standards. Bring your powerful background in cybersecurity, supply chain mastery, and international compliance frameworks to make a monumental impact.

Responsibilities:

• Risk Assessment: Conduct comprehensive security risk assessments of new and existing third party third parties, including SaaS providers, cloud services, hardware s, and critical business partners.
• Due Diligence: Issue and evaluate security questionnaires, review external audit reports (e.g., SOC 2 Type 2, ISO 27001), and perform technical and physical security reviews (remote or on-site) for software, hardware, and services providers.
• AI Data Protection: Evaluate and ensure third parties adhere to organizational policies and best practices for the protective use and governance of data in AI systems and software, minimizing risk exposure.
• Supply Chain Risk Expertise: Maintain expertise in and actively address known supply chain risk types, including FOCI (Foreign Ownership, Control, or Influence), data theft & exposure, software and hardware backdoors/intrusion, counterfeit products, forced labor, geopolitical/trade disruptions, malware infection vectors and environmental.
• Risk Mitigation: Partner with supply chain, legal, procurement, and business teams to identify third party risks and recommend appropriate risk treatment and remediation action plans.
• Vetting: Assist in refining and maintaining a program to manage global supply chain risks, ensuring the integrity and security of hardware, software, and services from our third parties.
• Compliance Monitoring: Monitor third party relationships to ensure ongoing compliance with company policies, regulatory requirements (e.g., NIST, CMMC Level 2, GDPR, EAR, ITAR, UFLPA), and international government supply chain security programs such as CTPAT, AEO, and others.
• Incident Response: Serve as the first point of contact for third party security incidents, assisting with investigations and managing the response to minimize impact on the organization.
• Risk Metrics & AI Modeling: Develop, build, and continuously improve the supply chain security and TPRM function by streamlining and automating processes, maintaining a third party inventory, developing key performance and risk metrics, and supporting AI modeling initiatives for predictive risk analysis.
• Collaboration: Partner with internal stakeholders to raise awareness about third party integration risks and communicate the results of risk assessments to ensure appropriate implementation of controls.

You’d be a good fit with:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, Supply Chain Management, Criminal Justice, Business  or a related field.
• 6+ years of experience in a third party/supply chain risk management, supply chain security, cyber security, physical security, product security and/or information security role.
• Strong understanding of information security principles and controls, including data protection, access management, and application security.
• Proven experience conducting security reviews for software, hardware, and services providers in the third party supply chain.
• Experience in quantitative analysis, including metrics development, data visualization, and supporting AI/ML model development.
• Experience with understanding and addressing known supply chain risk types (e.g., FOCI, data theft & exposure, software and hardware backdoors/intrusion, counterfeit product, forced labor, geopolitical/trade disruptions, malware).
• Familiarity with key security frameworks and standards such as ISO 27001, NIST 800-53, NIST 800-171, SOC 2 Type 2, FedRamp.
• Exceptional verbal and written communication skills, with the ability to clearly articulate complex security concepts to diverse audiences.
• Excellent investigative skills.
• Strong analytical, problem solving, attention to detail and organizational skills.

You’d be a great fit with:

• Relevant security certifications (e.g., CISA, CISSP, CPP, PSP, PSC) are a plus.
• Direct experience with international government supply chain security programs such as CTPAT (Customs Trade Partnership Against Terrorism), AEO (Authorized Economic Operator), or similar initiatives.
• Familiarity with key security frameworks and standards such as CMMC Level 2.
• Direct work experience with trade compliance, business continuity planning and/or forced labor programs.
• Skilled in prompt engineering and leveraging Generative AI models for efficient and work improvement.
• Knowledge of supply chain operations, logistics, and third party management best practices.
• Experience with conducting architectural reviews, penetration tests, and hardware security analyses.
• Specific knowledge of data security requirements and governance models for AI/ML development and deployment.
• A proactive mindset and a passion for integrating new technologies into security based solutions.

Location: This position can work onsite or hybrid from one of our offices (College Park, MD, Bothell, WA) or fully remote in the US.

Travel: Up to 15-25%

Job ID: 1423

The approximate base salary range for this position is $110,336 - $144,459. The total compensation package includes base, bonus, and equity.

Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity.  Posted base salary figures are subject to change as new market data becomes available. Our benefits include comprehensive medical, dental, and vision plans, matching 401K, unlimited PTO and paid holidays, parental/adoption leave, legal insurance, and a home technology stipend.  Details of participation in these benefit plans will be provided when a candidate receives an offer of employment.

IonQ's HQ is located in College Park, Maryland, just outside of Washington DC. We are actively building out our recently opened manufacturing and production facility in Bothell, WA (near Seattle). Depending on the position, you may be required to be near one of our offices in College Park, Seattle, Toronto, Canada, and Basel, Switzerland. However, IonQ will expand into additional domestic and international geographies, so don’t let this stop you from applying!

At IonQ, we believe in fair treatment, access, opportunity, and advancement for all while striving to identify and eliminate barriers. We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We are dedicated to creating an environment where individuals can feel welcomed, respected, supported, and valued.

We are committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, military or veteran status, or any other basis protected by law. We are proud to be an Equal Employment Opportunity employer.

US Technical Jobs.The position you are applying for will require access to technology that is subject to U.S. export control and government contract restrictions.  Employment with IonQ is contingent on either verifying “U.S. Person” (e.g., U.S. citizen, U.S. national, U.S. permanent resident, or lawfully admitted into the U.S. as a refugee or granted asylum) status for export controls and government contracts work, obtaining any necessary license, and/or confirming the availability of a license exception under U.S. export controls.  Please note that in the absence of confirming you are a U.S. Person for export control and government contracts work purposes, IonQ may choose not to apply for a license or decline to use a license exception (if available) for you to access export-controlled technology that may require authorization, and similarly, you may not qualify for government contracts work that requires U.S. Persons, and IonQ may decline to proceed with your application on those bases alone.  Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.

US Non-Technical Jobs.Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.

If you are interested in being a part of our team and mission, we encourage you to apply!