Jobs · Engineering · Texas

Director, Supply Chain Security

HID · Austin, TX · 5 days ago
Engineering$230k–$250k/yrFull-time

About the role

As part of the Product Security and Privacy team, you will own and lead the corporate-wide Product Supply Chain Security program. You will lead a team that will establish and operationalize the standards, policies, and technical capabilities required to ensure the integrity, security, and trustworthiness of software from development through build, distribution, and deployment across a diverse portfolio of products and environments.

Responsibilities

  • Define and maintain the enterprise Supply Chain Security framework, including policies, standards, and processes governing source code, build systems, artifacts, and deployment environments.
  • Establish and enforce standards for secure storage, accessing, and transferring of source code, including repository protections, branching controls, and access governance.
  • Define and maintain the enterprise Supply Chain Security framework, including policies, standards, and processes governing source code, build systems, artifacts, and deployment environments.
  • Establish and enforce standards for secure storage, accessing, and transferring of source code, including repository protections, branching controls, and access governance.
  • Define security requirements for CI/CD pipelines and building environments, including isolation, hardening, least-privilege access, and protection against tampering.
  • Define and operationalize software provenance and traceability requirements to ensure the authenticity and integrity of software throughout the lifecycle.
  • Establish processes and standards for evaluating and managing third-party vendors, suppliers, and open source components, including security assessment and ongoing risk monitoring.
  • Define and enforce SBOM requirements, including generation, storage, and usage in vulnerability and compliance processes.
  • Coordinate with operations and manufacturing teams, establishing security standards and validation processes for manufacturing, factory, and deployment environments where software is integrated into products.
  • Define and govern the secure management of secrets, keys, and cryptographic material used in development and build systems, in coordination with enterprise security teams.
  • Partner with IT and Information Security teams to ensure supply chain security controls are implemented, monitored, and enforced across development and build environments.
  • Collaborate with Product Security and Privacy Architects to embed secure coding and security controls into building environments and CI/CD pipelines through standardized “paved road” solutions.
  • Establish mechanisms to validate control effectiveness and detect non-compliance or drift across pipelines, build systems, and artifact repositories.
  • Develop metrics, reporting, and dashboards to measure supply chain security posture, control coverage, and adherence across the organization.
  • Provide executive-level reporting and insights on software supply chain risk and control effectiveness.
  • Lead audit and assessment readiness for supply chain security controls and ensure alignment with regulatory requirements, including the EU Cyber Resilience Act (CRA).
  • Build and lead a team responsible for supply chain security architecture, tooling, governance, and operational coordination.
  • Act as the central authority for software supply chain security across the organization.
  • Establish a scalable, federated operating model enabling product teams to securely develop, build, and deploy software while adhering to centralized standards.
  • Partner with Engineering, DevOps, Product Security, Legal, Procurement, and Compliance teams to ensure consistent adoption and execution of supply chain security practices.
  • Ensure consistent implementation of supply chain security controls across a large and diverse product portfolio and multiple technology domains.
  • Provide strategic direction for continuous improvement of supply chain security capabilities, including tooling, processes, and organizational practices.
  • Support regulatory audits, customer inquiries, and internal assessments related to software supply chain security.

Requirements

Experience designing, building, or leading software supply chain security, DevSecOps security, or related programs within a product security or application security context.

Strong understanding of software development lifecycles, CI/CD pipelines, and build systems.

Experience defining and implementing security controls for source code management, build environments, and software artifact handling.

Working knowledge of software supply chain security frameworks and concepts (e.g., SLSA, SBOM, software provenance).

Experience with code signing, cryptographic principles, and secure key management practices.

Experience collaborating with IT and Information Security teams to implement and enforce security controls.

Familiarity with regulatory requirements related to product and supply chain security, such as the EU Cyber Resilience Act (CRA).

Strong ability to define scalable policies, standards, and governance models across large organizations.

Excellent communication skills with the ability to translate complex technical risks into business impact.

Experience operating in large-scale, multi-product environments with distributed engineering and DevOps teams.

Experience implementing or managing SBOM programs and third-party/open source risk management processes is preferred.

Experience securing cloud-native and containerized development environments is preferred.

Experience with manufacturing, embedded systems, or factory deployment environments is preferred.

Experience with Agile/SAFe methodologies is preferred.

Experience building and leading high-performing security teams is preferred.

Qualifications

Master's degree in Computer Science, Information Systems, or a related field.

Minimum of 10 years of relevant experience in software supply chain security, DevSecOps security, or related fields.

Proven leadership experience in managing teams and driving initiatives.

Experience in a similar role within a multinational corporation is highly desirable.

Skills

Experience with software supply chain security frameworks and concepts (e.g., SLSA, SBOM, software provenance).

Experience with code signing, cryptographic principles, and secure key management practices.

Experience with Agile/SAFe methodologies.

Experience with manufacturing, embedded systems, or factory deployment environments.

Experience with third-party/open source risk management processes.

Experience with cloud-native and containerized development environments.

Benefits

Competitive salary and rewards package

Competitive benefits and annual leave offering

A vibrant, welcoming & inclusive culture

Extensive career development opportunities and resources

Pay

The base salary in the United States is $230,000 to $250,000.

Schedule

Remote (US & Europe)

Similar jobs

Director, Supply Chain

Overhead Door CorporationLewisville, TX· 2 wk ago
Managementapply on hcas.fa.us1.oraclecloud.com