Jobs · Education

Principal - Secure Procurement Leader

GE Vernova · Salem, VA · 1 wk ago
RemoteRemoteEducation$147k–$245k/yrFull-time

About the role

This high-visibility, cross-functional role involves defining supplier cybersecurity requirements, leading third-party assessments and audits, embedding security obligations into procurement contracts, and driving SBOM adoption across the supplier base. You will partner with product engineering, sourcing, legal, and Vulnerability Operations teams to strengthen supply chain security and protect GE Vernova customers and critical energy infrastructure.

Responsibilities

  • Own and manage GE Vernova’s Secure Procurement Program end-to-end.
  • Develop supplier security requirements, policies, and contractual cybersecurity obligations aligned with ISA/IEC 62443-2-4 and 62443-2-1.
  • Conduct supplier cybersecurity assessments and audits, including questionnaires, remote reviews, and on-site evaluations.
  • Track supplier cybersecurity risks, remediation actions, and compliance status.
  • Embed cybersecurity requirements into RFPs, contracts, and supplier qualification processes.
  • Maintain a cybersecurity-focused Approved Supplier List and reassessment process.
  • Drive SBOM adoption and manage open-source software risk.
  • Coordinate vulnerability response for supplier-provided components in the field.
  • Deliver supplier risk reporting and executive metrics.
  • Monitor supply chain threats and relevant regulations.
  • Represent GE Vernova in industry forums and standards groups.
  • Mentor team members on secure procurement and IEC 62443 practices.

Requirements

  • Bachelor’s degree or equivalent experience.
  • 8+ years of experience in cybersecurity, supply chain security, product security, or third-party risk management in an OT/ICS environment.
  • Strong knowledge of ISA/IEC 62443, especially 62443-2-4 and 62443-2-1.
  • Experience running supplier security assessment programs and managing remediation.
  • Familiarity with SBOMs, SCA tools, and OSS risk management.
  • Experience integrating cybersecurity into procurement, sourcing, and contract processes.
  • Knowledge of relevant regulations and standards, including NERC CIP-013, CMMC, NIS2, EU Cyber Resilience Act, and NDAA Section 889.
  • Strong communication and stakeholder management skills.

Desired

  • Direct experience with IEC 62443-2-4 in OT/ICS manufacturing.
  • Experience using AI/ML for supplier risk, monitoring, or SBOM analysis.
  • Knowledge of GE Vernova or similar industrial product ecosystems.
  • Experience with firmware security, counterfeit component detection, and hardware supply chain integrity.
  • Global supplier management experience.
  • Relevant certifications such as CISSP, CISM, GICSP, CSSLP, or ISA/IEC 62443 certification.

Benefits

  • Medical, dental, vision, and prescription drug coverage.
  • Access to Health Coach from GE Vernova, a 24/7 nurse-based resource.
  • Access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services.
  • Retirement benefits including the GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial planning consultants.
  • Tuition assistance, adoption assistance, paid parental leave, disability benefits, life insurance, 12 paid holidays, and permissive time off.

Similar jobs