Director, Supply Chain Security

ASSA ABLOY
Austin, TX
Remote

About The Position

As part of the Product Security and Privacy team, you will own and lead the corporate-wide Product Supply Chain Security program. You will lead a team that will establish and operationalize the standards, policies, and technical capabilities required to ensure the integrity, security, and trustworthiness of software from development through build, distribution, and deployment across a diverse portfolio of products and environments. Accountable for the consistency, scalability, and defensibility of supply chain security practices, you will ensure that controls are not only defined but effectively implemented and enforced in partnership with IT and Information Security teams. You will operate at a strategic level, building and leading a team responsible for securing source code, build systems, third-party components, and deployment environments, while enabling product teams to adopt secure-by-design practices through standardized architectures and processes.

Requirements

  • Experience designing, building, or leading software supply chain security, DevSecOps security, or related programs within a product security or application security context.
  • Strong understanding of software development lifecycles, CI/CD pipelines, and build systems.
  • Experience defining and implementing security controls for source code management, build environments, and software artifact handling.
  • Working knowledge of software supply chain security frameworks and concepts (e.g., SLSA, SBOM, software provenance).
  • Experience with code signing, cryptographic principles, and secure key management practices.
  • Experience collaborating with IT and Information Security teams to implement and enforce security controls.
  • Familiarity with regulatory requirements related to product and supply chain security, such as the EU Cyber Resilience Act (CRA).
  • Strong ability to define scalable policies, standards, and governance models across large organizations.
  • Excellent communication skills with the ability to translate complex technical risks into business impact.
  • Experience operating in large-scale, multi-product environments with distributed engineering and DevOps teams.

Nice To Haves

  • Experience implementing or managing SBOM programs and third-party/open source risk management processes is preferred.
  • Experience securing cloud-native and containerized development environments is preferred.
  • Experience with manufacturing, embedded systems, or factory deployment environments is preferred.
  • Experience with Agile/SAFe methodologies is preferred.
  • Experience building and leading high-performing security teams is preferred.

Responsibilities

  • Defining and maintaining the enterprise Supply Chain Security framework, including policies, standards, and processes governing source code, build systems, artifacts, and deployment environments.
  • Establishing and enforcing standards for secure storage, access, and transfer of source code, including repository protections, branching controls, and access governance.
  • Defining security requirements for CI/CD pipelines and build environments, including isolation, hardening, least-privilege access, and protection against tampering.
  • Defining and operationalizing software provenance and traceability requirements to ensure the authenticity and integrity of software throughout the lifecycle.
  • Establishing processes and standards for evaluating and managing third-party vendors, suppliers, and open source components, including security assessment and ongoing risk monitoring.
  • Defining and enforcing SBOM requirements, including generation, storage, and usage in vulnerability and compliance processes.
  • Coordinating with operations and manufacturing teams, establishing security standards and validation processes for manufacturing, factory, and deployment environments where software is integrated into products.
  • Defining and governing the secure management of secrets, keys, and cryptographic material used in development and build systems, in coordination with enterprise security teams.
  • Partnering with IT and Information Security teams to ensure supply chain security controls are implemented, monitored, and enforced across development and build environments.
  • Collaborating with Product Security and Privacy Architects to embed secure coding and security controls into build environments and CI/CD pipelines through standardized “paved road” solutions.
  • Establishing mechanisms to validate control effectiveness and detect non-compliance or drift across pipelines, build systems, and artifact repositories.
  • Developing metrics, reporting, and dashboards to measure supply chain security posture, control coverage, and adherence across the organization.
  • Providing executive-level reporting and insights on software supply chain risk and control effectiveness.
  • Leading audit and assessment readiness for supply chain security controls and ensuring alignment with regulatory requirements, including the EU Cyber Resilience Act (CRA).
  • Building and leading a team responsible for supply chain security architecture, tooling, governance, and operational coordination.
  • Acting as the central authority for software supply chain security across the organization.
  • Establishing a scalable, federated operating model enabling product teams to securely develop, build, and deploy software while adhering to centralized standards.
  • Partnering with Engineering, DevOps, Product Security, Legal, Procurement, and Compliance teams to ensure consistent adoption and execution of supply chain security practices.
  • Ensuring consistent implementation of supply chain security controls across a large and diverse product portfolio and multiple technology domains.
  • Providing strategic direction for continuous improvement of supply chain security capabilities, including tooling, processes, and organizational practices.
  • Supporting regulatory audits, customer inquiries, and internal assessments related to software supply chain security.

Benefits

  • Competitive salary and rewards package
  • Competitive benefits and annual leave offering, allowing for work-life balance
  • A vibrant, welcoming & inclusive culture
  • Extensive career development opportunities and resources to maximize your potential
  • To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds