Jobs · Education

Principal - Secure Procurement Leader

GE Vernova · Roanoke, VA · 1 wk ago
RemoteRemoteEducation$147k–$245k/yrFull-time

About the role

This high-visibility, cross-functional role involves defining supplier cybersecurity requirements, leading third-party assessments and audits, embedding security obligations into procurement contracts, and driving SBOM adoption across the supplier base.

Responsibilities

  • Own and manage GE Vernova’s Secure Procurement Program end-to-end.
  • Develop supplier security requirements, policies, and contractual cybersecurity obligations aligned with ISA/IEC 62443-2-4 and 62443-2-1.
  • Conduct supplier cybersecurity assessments and audits, including questionnaires, remote reviews, and on-site evaluations.
  • Track supplier cybersecurity risks, remediation actions, and compliance status.
  • Embed cybersecurity requirements into RFPs, contracts, and supplier qualification processes.
  • Maintain a cybersecurity-focused Approved Supplier List and reassessment process.
  • Drive SBOM adoption and manage open-source software risk.
  • Coordinate vulnerability response for supplier-provided components in the field.
  • Deliver supplier risk reporting and executive metrics.
  • Monitor supply chain threats and relevant regulations.
  • Represent GE Vernova in industry forums and standards groups.
  • Mentor team members on secure procurement and IEC 62443 practices.

Requirements

  • Bachelor’s degree or equivalent experience.
  • 8+ years of experience in cybersecurity, supply chain security, product security, or third-party risk management in an OT/ICS environment.
  • Strong knowledge of ISA/IEC 62443, especially 62443-2-4 and 62443-2-1.
  • Experience running supplier security assessment programs and managing remediation.
  • Familiarity with SBOMs, SCA tools, and OSS risk management.
  • Experience integrating cybersecurity into procurement, sourcing, and contract processes.
  • Knowledge of relevant regulations and standards, including NERC CIP-013, CMMC, NIS2, EU Cyber Resilience Act, and NDAA Section 889.
  • Strong communication and stakeholder management skills.

Qualifications

  • Direct experience with IEC 62443-2-4 in OT/ICS manufacturing.
  • Experience using AI/ML for supplier risk, monitoring, or SBOM analysis.
  • Knowledge of GE Vernova or similar industrial product ecosystems.
  • Experience with firmware security, counterfeit component detection, and hardware supply chain integrity.
  • Global supplier management experience.
  • Relevant certifications such as CISSP, CISM, GICSP, CSSLP, or ISA/IEC 62443 certification.

Benefits

  • Medical, dental, vision, and prescription drug coverage.
  • Access to Health Coach from GE Vernova, a 24/7 nurse-based resource.
  • Access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services.
  • Retirement benefits including the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants.
  • Tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off.

Pay

The pay range for this position is between $147,000.00 and $245,000.00. The Company pays a geographic differential of 110%, 120% or 130% of salary in certain areas.

Schedule

This is a remote position.

Similar jobs