Lead Security Cyber Engineer - Supply Chain / Vendor Audit

Location: Austin, TX, United States
Date Posted: 08-23-2018
Our client is currently experiencing incredible growth in order to meet the security needs of one of the world’s largest technology companies. With team members located in over 15 countries, you will have an excellent opportunity to influence the security culture across the globe.
The Supply Chain Security Cyber Lead will have the responsibility for leading cybersecurity across the entire supply chain and for delivering strategic supply chain security programs across many business units.
Key activities:
  • Perform as a supply chain security subject matter expert and generalist across all security and supply chain related functions
  • Drive strategic programs using superior organization and project management skills in a highly matrixed environment
  • Build strong relationships with Supply Chain and SRO leaders, with outstanding executive-level communication skills and the ability to package and market supply chain security concepts to non-technical stakeholders
  • Develop unified enterprise governance, framework, process and solutions that ensure all physical security and cybersecurity controls are effective and functioning as intended
  • Identify, prioritize, and lead SRO activities in alignment with supply chain risks and priorities
  • Collaborate with supply chain stakeholders to identify key areas of security improvement
  • Understand supply chain operations including key objectives, macro strategy, and risk tolerance
Key characteristics:
  • Pragmatic, rational partner to Supply Chain Business and SRO Leadership
  • Delivers quality service to the supply chain business and strives for customer satisfaction
  • Balances appropriate security, supply chain business goals, and enterprise priorities to achieve collaborative outcomes

Key Responsibilities
  • Develop process and controls to audit 3rd party vendors/suppliers on IT security compliance such as external threats, network hardening, manufacturing quality checks, etc.
  • Develop process and technology solutions to ensure and verify BIOS/firmware/software integrity through the entire supply chain
  • Develop process, solutions and controls to enable physical security compliance, such as capturing data points in
    • manufacturing
    • distribution and retail
    • GPS data, etc.
  • Consolidate all data, solutions, processes, and controls into a unified view that provides true end-to-end security assessment for entire supply chain
Business Focused Supply Chain Security Consulting and Program Management
  • Lead large, complex cross organizational supply chain security initiatives and must possess the ability to influence stakeholders and drive such effort to successful conclusion with little to no oversight or guidance
  • Provide consultative supply chain security governance, risk, and compliance advisory services based on business need focusing on adding value
  • Investigate complex, and sometimes historic practices/solutions to determine gaps and needed improvements and facilitate migration to a preferred state with a high degree of independence, often in high stress conditions and with Sr. Executives directly
  • Maintain awareness of shifts in supply chain operation structure and strategy and possess the ability to recognize the potential impacts these have on the SRO organization's position
  • Work with Sr. Management and Executives as required to facilitate resolution to challenging supply chain business security problems/objectives
  • Escalation point for resolving conflicts between competing priorities among different business and SRO units and stakeholders
  • Manage key customer relationships and initiatives as point of contact for the SRO organization for supply chain security
  • Work with IT and supply chain partners to ensure collaborative IT/information security control design and implementation
  • Take macro view and present executive level dashboards and summaries that articulate supply chain security in a business context
Deliverables and Presentations
  • Produce tactical deliverables and achieve key project deadlines
  • Develop and present status updates to Supply Chain Security team, SRO leadership and Supply Chain Business leadership
  • Drive documentation and management of supply chain security issues and exceptions
  • Develop and deliver presentations tailored to different audiences to communicate the value of strong supply chain security practices embedded within IT and supply chain functions
  • Develop and document risk and position papers and presentation for consumption by executive leadership
  • Create, update, and deliver dashboards to business and SRO leadership summarizing the security posture of the supply chain
  • Review supply chain security findings, analyze the risks, assign finding ownership, and obtain agreement from the finding owner on a remediation plan
  • Collaborate cross functionally with GRC and risk organizations to manage supply chain security risk
  • Consult with supply chain teams and provide industry expert-level guidance and leadership on:
    • Secure Development and Application Security
    • Access Control and User Access Review
    • Security Testing and Vulnerability Management
    • Infrastructure Architecture and Design Requirements
    • Dell Policies and Standards
    • Procedural guidance to facilitate project execution
    • Risk associated with initiatives and policy deviation requests
    • Vendor and Internal Customer Management Practices
    • Compliance implications of design decisions in application and infrastructure design

Essential Requirements
  • Bachelor’s degree in Information Technology, supply chain management, or related field
  • Information Security or IT Controls Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
  • Experience in cyber security, supply chain operation, information systems, risk management, IT Compliance, or IT Audit
  • Thorough understanding of supply chain security best practices and the ability to effectively apply those practices
  • Proven record of balancing supply chain need and benefit vs. security risk; Direct experience owning a customer or business relationship on behalf of an organization a major plus
  • Experience with applying IT governance frameworks into supply chain process including ISO 27002, COBIT, and O-TTPS
  • Experience with various compliance, privacy, and regulatory standards including Sarbanes-Oxley, SSAE 16, PCI-DSS, ISO 27001/2, HIPAA, GLBA, NIST 800-53, and state privacy laws
  • Possess knowledge across various information security technologies/areas in a large enterprise including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, network security, application security, and change management
  • Basic understanding of secure coding practices and standard code defect issues such as unvalidated input, SQL injection, cross-site scripting, hard-coded credentials, etc. and their implications for system security state
  • 40% to 50% travel
Desirable Requirements
  • Experience working in a fast paced environment with competing and shifting priorities
  • Excellent communication, presentation skills, and writing skills with experience in creating and reviewing technical documentation
  • Outgoing personality with strong interpersonal skills
  • Modest ego with rational viewpoints for facilitating business decisions
  • Must work well with others as part of larger team and be able to collaborate on cross functional teams
  • Sense of urgency with attention to accuracy
  • Ability to multi-task and prioritize
  • Strong problem-solving skills
  • Takes initiative without continuous oversight
  • US Citizen
  • 8-10 years experience