Principal - Secure Procurement Leader
About The Position
GE Vernova is seeking an experienced Secure Procurement Leader to own and operate the enterprise Secure Procurement Program within the Product Cybersecurity organization. This senior role ensures that all third-party hardware, software, firmware, and services integrated into GE Vernova commercial products meet security requirements aligned with ISA/IEC 62443 supply chain standards. In this high-visibility, cross-functional role, you will define supplier cybersecurity requirements, lead third-party assessments and audits, embed security obligations into procurement contracts, and drive SBOM adoption across the supplier base. You will partner with product engineering, sourcing, legal, and Vulnerability Operations teams to strengthen supply chain security and protect GE Vernova customers and critical energy infrastructure.
Requirements
- Bachelor’s degree or equivalent experience.
- 8+ years of experience in cybersecurity, supply chain security, product security, or third-party risk management in an OT/ICS environment.
- Strong knowledge of ISA/IEC 62443, especially 62443-2-4 and 62443-2-1.
- Experience running supplier security assessment programs and managing remediation.
- Familiarity with SBOMs, SCA tools, and OSS risk management.
- Experience integrating cybersecurity into procurement, sourcing, and contract processes.
- Knowledge of relevant regulations and standards, including NERC CIP-013, CMMC, NIS2, EU Cyber Resilience Act, and NDAA Section 889.
- Strong communication and stakeholder management skills.
Nice To Haves
- Direct experience with IEC 62443-2-4 in OT/ICS manufacturing.
- Experience using AI/ML for supplier risk, monitoring, or SBOM analysis.
- Knowledge of GE Vernova or similar industrial product ecosystems.
- Experience with firmware security, counterfeit component detection, and hardware supply chain integrity.
- Global supplier management experience.
- Relevant certifications such as CISSP, CISM, GICSP, CSSLP, or ISA/IEC 62443 certification.
Responsibilities
- Own and manage GE Vernova’s Secure Procurement Program end-to-end.
- Develop supplier security requirements, policies, and contractual cybersecurity obligations aligned with ISA/IEC 62443-2-4 and 62443-2-1.
- Conduct supplier cybersecurity assessments and audits, including questionnaires, remote reviews, and on-site evaluations.
- Track supplier cybersecurity risks, remediation actions, and compliance status.
- Embed cybersecurity requirements into RFPs, contracts, and supplier qualification processes.
- Maintain a cybersecurity-focused Approved Supplier List and reassessment process.
- Drive SBOM adoption and manage open-source software risk.
- Coordinate vulnerability response for supplier-provided components in the field.
- Deliver supplier risk reporting and executive metrics.
- Monitor supply chain threats and relevant regulations.
- Represent GE Vernova in industry forums and standards groups.
- Mentor team members on secure procurement and IEC 62443 practices.
Benefits
- Medical, dental, vision, and prescription drug coverage
- Access to Health Coach from GE Vernova, a 24/7 nurse-based resource
- Access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services
- GE Vernova Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions
- Access to Fidelity resources and financial planning consultants
- Tuition assistance
- Adoption assistance
- Paid parental leave
- Disability benefits
- Life insurance
- 12 paid holidays
- Permissive time off
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
