Principal - Secure Procurement Leader
WFA Digital Insight
The demand for cybersecurity specialists in the energy sector has grown significantly, with a 25% increase in job openings over the past year. As companies like GE Vernova prioritize the security of their supply chains, professionals with expertise in secure procurement are in high demand. With the rise of remote work, this role offers the flexibility to work from anywhere while making a critical impact on the security of GE Vernova's commercial products. Before applying, candidates should be aware of the importance of ISA/IEC 62443 standards and the need for strong stakeholder management skills in this cross-functional role.
Job Description
About the Role
The Principal - Secure Procurement Leader will play a pivotal role in ensuring the security of GE Vernova's commercial products by overseeing the Secure Procurement Program. This program is designed to guarantee that all third-party hardware, software, firmware, and services meet the required security standards aligned with ISA/IEC 62443 supply chain standards. The successful candidate will be responsible for defining supplier cybersecurity requirements, leading assessments and audits, and embedding security obligations into procurement contracts. The role involves close collaboration with various teams, including product engineering, sourcing, legal, and Vulnerability Operations, to enhance supply chain security and protect GE Vernova's customers and critical energy infrastructure. Given the high-visibility and cross-functional nature of this position, strong communication and stakeholder management skills are essential.
The Principal - Secure Procurement Leader will also be expected to stay abreast of supply chain threats and relevant regulations, representing GE Vernova in industry forums and standards groups. This role offers a unique opportunity for a seasoned cybersecurity professional to make a significant impact on the security of commercial products and contribute to the development of industry standards.
What You Will Do
- Develop and manage supplier security requirements, policies, and contractual cybersecurity obligations aligned with ISA/IEC 62443-2-4 and 62443-2-1.
- Conduct comprehensive supplier cybersecurity assessments and audits, including questionnaires, remote reviews, and on-site evaluations.
- Track and manage supplier cybersecurity risks, remediation actions, and compliance status.
- Embed cybersecurity requirements into RFPs, contracts, and supplier qualification processes.
- Maintain a cybersecurity-focused Approved Supplier List and reassessment process.
- Drive SBOM (Software Bill of Materials) adoption and manage open-source software risk.
- Coordinate vulnerability response for supplier-provided components in the field.
- Deliver regular supplier risk reporting and executive metrics.
- Monitor supply chain threats and relevant regulations, ensuring compliance and readiness.
- Represent GE Vernova in industry forums and standards groups related to cybersecurity and supply chain security.
- Mentor team members on secure procurement and IEC 62443 practices.
What We Are Looking For
- Bachelor's degree or equivalent experience in a relevant field such as cybersecurity, supply chain security, or a related discipline.
- At least 8 years of experience in cybersecurity, supply chain security, product security, or third-party risk management in an OT/ICS environment.
- Strong knowledge of ISA/IEC 62443 standards, especially 62443-2-4 and 62443-2-1.
- Experience in running supplier security assessment programs and managing remediation actions.
- Familiarity with SBOMs, SCA tools, and OSS risk management.
- Experience integrating cybersecurity into procurement, sourcing, and contract processes.
- Knowledge of relevant regulations and standards, including NERC CIP-013, CMMC, NIS2, EU Cyber Resilience Act, and NDAA Section 889.
- Strong communication and stakeholder management skills.
Nice to Have
- Direct experience with IEC 62443-2-4 in OT/ICS manufacturing.
- Experience using AI/ML for supplier risk, monitoring, or SBOM analysis.
- Knowledge of GE Vernova or similar industrial product ecosystems.
- Experience with firmware security, counterfeit component detection, and hardware supply chain integrity.
- Global supplier management experience.
- Relevant certifications such as CISSP, CISM, GICSP, CSSLP, or ISA/IEC 62443 certification.
Benefits and Perks
- Competitive compensation package, with a pay range between $47,000.00 and $245,000.00.
- Geographic differential of 110%, 120%, or 130% of salary in certain areas.
- Professional development opportunities.
- Challenging careers with opportunities for growth.
- Remote work flexibility.
- Access to cutting-edge technology and tools.
- Comprehensive health benefits.
- Generous PTO policy.
- Relocation assistance provided for eligible candidates.
How to Stand Out
- Ensure your resume highlights specific experience with secure procurement and supply chain security, especially in OT/ICS environments.
- Familiarize yourself with ISA/IEC 62443 standards and their application in real-world scenarios to stand out in interviews.
- Be prepared to discuss your experience with SBOMs, SCA tools, and OSS risk management, and how you've managed these aspects in previous roles.
- Develop a portfolio or examples of your work in secure procurement, such as successful audits or implementations of cybersecurity measures in supply chains.
- In salary negotiations, emphasize your relevant experience and the value you bring to the role, considering the pay range provided.
- Pay close attention to the company culture and values during the interview process, as fitting in with GE Vernova's approach to cybersecurity and innovation is crucial for success in this role.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.