Principal - Secure Procurement Leader

GE Vernova · Remote (Flexible / Remote)
Other

WFA Digital Insight

The demand for cybersecurity experts grew 25% in 2025, driven by increasing supply chain threats. As a Principal Secure Procurement Leader at GE Vernova, you'll play a critical role in protecting the company's commercial products and customers. With the rise of remote work, digital skills are more essential than ever. This role stands out for its focus on secure procurement and supplier risk management, making it an attractive opportunity for those with a strong background in cybersecurity and supply chain security. Before applying, candidates should be prepared to demonstrate their knowledge of ISA/IEC 62443 standards and experience with SBOM adoption.

Job Description

About the Role

The Principal Secure Procurement Leader will own and manage GE Vernova's Secure Procurement Program, ensuring that all third-party hardware, software, firmware, and services integrated into commercial products meet security requirements aligned with ISA/IEC 62443 supply chain standards. This senior role will partner with product engineering, sourcing, legal, and Vulnerability Operations teams to strengthen supply chain security and protect GE Vernova customers and critical energy infrastructure.

As a key member of the Product Cybersecurity organization, the Principal Secure Procurement Leader will define supplier cybersecurity requirements, lead third-party assessments and audits, embed security obligations into procurement contracts, and drive SBOM adoption across the supplier base. This is a high-visibility, cross-functional role that requires strong communication and stakeholder management skills.

The successful candidate will have a deep understanding of cybersecurity, supply chain security, and third-party risk management in an OT/ICS environment. They will be responsible for tracking supplier cybersecurity risks, remediation actions, and compliance status, as well as maintaining a cybersecurity-focused Approved Supplier List and reassessment process.

What You Will Do

  • Own and manage GE Vernova's Secure Procurement Program end-to-end
  • Develop supplier security requirements, policies, and contractual cybersecurity obligations aligned with ISA/IEC 62443-2-4 and 62443-2-1
  • Conduct supplier cybersecurity assessments and audits, including questionnaires, remote reviews, and on-site evaluations
  • Track supplier cybersecurity risks, remediation actions, and compliance status
  • Embed cybersecurity requirements into RFPs, contracts, and supplier qualification processes
  • Maintain a cybersecurity-focused Approved Supplier List and reassessment process
  • Drive SBOM adoption and manage open-source software risk
  • Coordinate vulnerability response for supplier-provided components in the field
  • Deliver supplier risk reporting and executive metrics
  • Monitor supply chain threats and relevant regulations
  • Represent GE Vernova in industry forums and standards groups
  • Mentor team members on secure procurement and IEC 62443 practices

What We Are Looking For

  • Bachelor's degree or equivalent experience
  • 8+ years of experience in cybersecurity, supply chain security, product security, or third-party risk management in an OT/ICS environment
  • Strong knowledge of ISA/IEC 62443, especially 62443-2-4 and 62443-2-1
  • Experience running supplier security assessment programs and managing remediation
  • Familiarity with SBOMs, SCA tools, and OSS risk management
  • Experience integrating cybersecurity into procurement, sourcing, and contract processes
  • Knowledge of relevant regulations and standards, including NERC CIP-013, CMMC, NIS2, EU Cyber Resilience Act, and NDAA Section 889
  • Strong communication and stakeholder management skills

Nice to Have

  • Direct experience with IEC 62443-2-4 in OT/ICS manufacturing
  • Experience using AI/ML for supplier risk, monitoring, or SBOM analysis
  • Knowledge of GE Vernova or similar industrial product ecosystems
  • Experience with firmware security, counterfeit component detection, and hardware supply chain integrity
  • Global supplier management experience
  • Relevant certifications such as CISSP, CISM, GICSP, CSSLP, or ISA/IEC 62443 certification

Benefits and Perks

  • Competitive compensation
  • Professional development opportunities
  • Challenging careers in a dynamic industry
  • Flexible and remote work arrangements
  • Access to cutting-edge technology and tools
  • Collaborative and supportive team environment
  • Comprehensive benefits package, including health, dental, and vision insurance
  • 401(k) matching and retirement savings plan
  • Paid time off and holidays
  • Remote work stipend and home office setup support

How to Stand Out

  • To stand out in the application process, be prepared to provide specific examples of your experience with supplier security assessments and SBOM adoption.
  • Make sure your resume and cover letter are tailored to the role, highlighting your relevant skills and experience in cybersecurity and supply chain security.
  • Research GE Vernova's products and services to demonstrate your understanding of the company's cybersecurity needs and challenges.
  • Be prepared to discuss your knowledge of ISA/IEC 62443 standards and how you have applied them in previous roles.
  • Don't be afraid to ask questions during the interview process, such as what a typical day looks like in the role or what opportunities there are for professional development.
  • Consider obtaining relevant certifications, such as CISSP or ISA/IEC 62443 certification, to demonstrate your expertise and commitment to the field.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.