Cyber Supply Chain Analyst | Brisbane

Cyber Supply Chain Analyst

Posted on 21-Apr-2026

Application Close Date: 05-May-2026

Location:	Brisbane
Category:	Business Support
Position Type:	Permanent
Job Reference:	BOE/1919310
Attachments:	No File Attached
Share This:

Boeing Defence Australia is shaping the future of aerospace and delivering some of the nation's most important programs for the Australian Defence Force.

Joining us is a chance to make your mark, working with a diverse team that is united in pushing the boundaries of imagination and excellence.

We currently employ more than 3,000 people across 14 sites in Australia and three international locations and have a range of opportunities available as we plan for future growth.

The opportunity

Boeing Defence Australia is recruiting a Cyber Supply Chain Risk Analyst to manage our third‑party supply chain risk function. In this role you will mature the C‑SCRM program across advanced aerospace, autonomous systems and sustainment portfolios to meet Australian Government and Defence security frameworks. You will develop methodologies to identify critical suppliers and supply chain dependencies, perform Foreign Ownership control and Influence and Software Bill of Materials based risk assessments, and translate technical findings into actionable remediation and contractual controls.

Working closely with Procurement, Legal, Engineering and program leadership, you will mature vendor monitoring and incident response processes, deliver governance reporting and metrics for Senior Leadership, and lead training to elevate organisational supply chain security. The ideal candidate is an Australian citizen eligible for NV1 clearance with at least five years' experience in cyber risk and supply chain security, demonstrable application of PSPF/DSPF/ISM, cloud security awareness, and a track record of managing high‑value sovereign vendors.

Responsibilities:

Work with all levels of the business to enhance cyber-related vendor management processes
Mature methodologies for identifying critical suppliers, manufacturers and distributors and for identifying and mitigating cyber supply chain risks including risk emerging from Foreign Ownership Control and Influence (FOCI)
Incorporate critical regulatory controls into processes including PSPF, DSPF and ISM.
Report to various councils and governance committees, including against a set of defined metrics,
Recommend enhanced processes for handling vendor cybersecurity incident monitoring and response
Contribute to training in cyber supply chain risk reduction.

Experience/Qualifications

An Australian Citizen with the ability to hold and maintain NV1 security clearance.
Minimum of 5 years of experience in information security, with a focus on Cyber Risk and Supply Chain
A bachelor's degree in cyber security, Information Technology, Risk Management, or equivalent industry experience.
Demonstrated experience applying the Protective Security Policy Framework (PSPF), Defence Security Principles Framework (DSPF) and the Australian Government Information Security Manual (ISM).
Proven ability to conduct technical and non-technical risk assessments, including Foreign Ownership, Control, or Influence (FOCI) and Software Bill of Materials (SBOM) analysis.
Familiarity with cloud security principles and technologies and how they impact supply chain integrity in a hybrid environment.
Experience managing and auditing high-value external vendors to ensure they meet rigorous sovereign security obligations.
Demonstrated ability to partner with Procurement, Legal, and Engineering teams to embed security requirements into commercial contracts and statements of work.
Strong communication skills, both verbal and written, with the ability to convey complex security concepts to non-technical stakeholders.

Culture

We are committed to building a diverse and inclusive workplace. Female applicants, people of Aboriginal or Torres Strait Island descent and ex-defence personnel are encouraged to apply.

Benefits