Supply Chain Security Program Manager 5-ProdDev
Company: Oracle
Location: Tallahassee
Posted on: May 4, 2024
|
|
Job Description:
Job Description
The Supply Chain Security role will lead the analysis to identify
hardware supply chain security risk as well as develop and
implement mitigation strategies to address each risk. Supply Chain
Security Risk Management (SCRM) plans are developed, maintained,
and continuously improved over time collaborating with key
stakeholders: external manufacturing Tier 1 suppliers, sub tier
suppliers (tier 2 & 3), logistics, and transportation providers at
a minimum. The role will partner with internal operations teams and
design and development team members for the Oracle hardware.
This position requires the development knowledge and application of
Oracle Corporate security assurance best practices and processes.
These define how to make smart choices that build security into our
products and services. These Oracle Software Security Assurance
Standards (OSSA) and Oracle Hardware Security Assurance (OHWSA)
standards provide guidance across the entire lifecycle of
third-party component selection / in-take, product design,
development, testing, release, and deployment. Ensuring the
delivery of these corporate standards and ensuring they are part of
the Supply Chain movement in all the modes (Sea, Transportation,
and Air) with the principal theme on the essentials of a robust
SCRM will be key. This includes systematically intaking, escalating
and triaging problems with relevant owners and teams while ensuring
follow-through on resolutions to deliver findings to key
partners.
The SCRM activity requires responsibility to collect and analyze
data to identify hardware manufacturing, shipping, and delivery
security flaws and vulnerabilities in Oracle's supply chain
operations, and to provide advice and guidance to help reduce these
supply chain risks to Oracle's management team.
This role is a key member of the Supply Chain Organization (SCO)
responsible to manufacturing and operations delivering the hardware
and firmware to Oracle Cloud Infrastructure (OCI) and Oracle
Engineered Systems including Oracle Exadata.
Responsibilities
Working with Security Leads, Security Point of Contacts (SPOCs),
Directors and Managers across Oracle Hardware Supply Chain to
ensure that Oracle Hardware teams are using the industry's best
security practices as detailed in OSSA and OHWSA. This applies to
the components that Oracle engineers itself and the third-party
hardware components we leverage from industry partners.
This role spans hardware and includes working with Oracle internal
teams and external partners. The job extends from Oracle team
education and security process support, to performing security
technical and process reviews, through to ensuring that Oracle's
partners understand Oracle's security requirements for the
future.
Key objectives include:
Identify Hardware Supply Chain risk at the External Manufacturing
(tier 1)
Identify Hardware Supply Chain risk at the Sub tier Suppliers
multiple layers deep (tier 1 and tier 2)
Author Supply Chain Risk Mitigation Plans (SCRM)
Mitigating security risks associated with supply chain
operations.
Safeguard business interests amidst evolving security requirements
from existing customers.
Facilitating compliance with security prerequisites for strategic
growth plans.
Establish SCRM working with internal and external
cross-functions.
Role Details:
Assess, manage, and mitigate diverse risks across Oracle Supply
Chain Operations, bolstering resilience and business continuity
through strategic and operational initiatives.
Partner with Oracle Security Oversight Committee (OSOC) to
implement controls and measures to drive overall Supply Chain
Hardware protection strategies.
Collaborate with cross-functional stakeholders to yield high-impact
insights and recommendations, thereby steering strategy and
scalable implementation plans.
Lead supply chain security teams overseeing physical and site
security, information security, supplier risk management, product
security, logistics, and supply chain resiliency programs.
Stay abreast of supply chain security trends, assessing impact on
operational practices and programs.
Establish and sustain a comprehensive Supply Chain Risk Management
(SCRM) and Governance, Risk, and Compliance process in alignment
with OSOC programs.
Instill proactive security controls and policies spanning
information assets, product development, and the broader supply
chain ecosystem.
Contribute to the formulation and execution of third-party
assessments and supply chain security best practices.
Collaborate with cross-functional security teams to standardize
global site policies and security awareness initiatives.
Develop a robust security training program for supply chain
personnel across global operations.
Collaborate with the OSOC to articulate Supply Chain Security
messaging for customers, business partners, and external
parties.
Conduct periodic security audits alongside relevant teams to ensure
compliance across in-house sites, External Manufacturers and
Suppliers.
Develop and maintain a communication framework to update GSC
leadership, business and design engineering stakeholders.
Cultivate a relationship of trust with global supply chain
leadership to predict, perceive, mitigate, and manage supply chain
risks on a global scale.
Co-create supply chain risk strategy and vision in alignment with
global supply chain leadership.
Translate strategy into actionable initiatives, incorporating risk
management and business resiliency practices.
Assume overall accountability for the supply chain risk management
program, collaborating with cross-functional teams to meet industry
and regulatory standards.
Develop robust business policies, processes and tools for
continuous risk assessment, business continuity planning, event
anticipation, and recovery management.
Facilitating and performing supply chain hardware security
reviews
Tracking the progress of supply chain hardware security reviews and
producing reports
Identifying and driving improvements to the security review
processes
Collaborate with Security, Enterprise Risk Management, and
Compliance teams to foster cross-functional synergy.
Required Qualifications:
B.S. in Supply Chain Management
7+ years in the field of Supply Chain Management (Hardware) with
security expertise
Experience in security analysis/assessments and the ability to
audit security or forensic reports.
Expertise across secure development lifecycle e.g., component
security reviews, static and dynamic analysis tools
Highly motivated, with a sense of urgency and ability to deliver
multiple tasks under timeframe pressure.
Analytical person, who can be both strategic and able to dive into
details as needed.
Capable of working independently
Experience with understanding, analyzing, and communicating
hardware security vulnerabilities, attacks, and research to Supply
Chain Team.
Excellent written and oral communication skills.
Preferred Qualifications:
Experience with implementation of modern server platform
hardware
Experience with Cloud security and architecture concepts
Comfortable dealing with ambiguity and ability to adapt to changing
environment and needs.
Experience with server platform level security technologies,
including but not limited to secure boot, firmware signing,
platform firmware security architectures, roots of trust.
Experience with hardware interfaces, including, but not limited to
BMCs, PCIe, SAS, NVMe, NAND Flash, NOR Flash, SPI, I2C (incl.
SMBus, PMBus), LPC, eSPI, etc.
Skills/Accreditations/Certifications:
Strong/Expert Communication - thrive in an email, online meetings,
and presentation atmosphere, as well be able to speak with large
groups of people on Supply Chain Security practices.
C.S.C.S.S Certification
Experience with implementing various industry certifications such
as ISO 9001, 28001 and NIST.
Proficiency in project management and metrics design.
Direct experience in global supply chain operations.
Experience particularly within manufacturing environments,
including Supply Chain Risk Management (SCRM) and/or Business
Continuity (BC).
Experience in executive counseling, influencing, advisory, and
communication.
Track record of effective stakeholder management.
Demonstrated success in steering complex, multidimensional
initiatives from vision through implementation.
Aptitude for driving agile decision-making and transformative
change across organizational tiers.
Strong problem-solving capabilities, coupled with sound business
acumen.
Disclaimer:
Certain US customer or client-facing roles may be required to
comply with applicable requirements, such as immunization and
occupational health mandates.
Range and benefit information provided in this posting are specific
to the stated locations only
US: Hiring Range: from $104,000 to $223,500 per annum. May be
eligible for bonus and equity.
Oracle maintains broad salary ranges for its roles in order to
account for variations in knowledge, skills, experience, market
conditions and locations, as well as reflect Oracle's differing
products, industries and lines of business.
Candidates are typically placed into the range based on the
preceding factors as well as internal peer equity.
Oracle US offers a comprehensive benefits package which includes
the following:
Medical, dental, and vision insurance, including expert medical
opinion
Short term disability and long term disability
Life insurance and AD&D
Supplemental life insurance (Employee/Spouse/Child)
Health care and dependent care Flexible Spending Accounts
Pre-tax commuter and parking benefits
401(k) Savings and Investment Plan with company match
Paid time off: Flexible Vacation is provided to all eligible
employees assigned to a salaried (non-overtime eligible) position.
Accrued Vacation is provided to all other employees eligible for
vacation benefits. For employees working at least 35 hours per
week, the vacation accrual rate is 13 days annually for the first
three years of employment and 18 days annually for subsequent years
of employment. Vacation accrual is prorated for employees working
between 20 and 34 hours per week. Employees working fewer than 20
hours per week are not eligible for vacation.
11 paid holidays
Paid sick leave: 72 hours of paid sick leave upon date of hire.
Refreshes each calendar year. Unused balance will carry over each
year up to a maximum cap of 112 hours.
Paid parental leave
Adoption assistance
Employee Stock Purchase Plan
Financial planning and group legal
Voluntary benefits including auto, homeowner and pet insurance
About Us
As a world leader in cloud solutions, Oracle uses tomorrow's
technology to tackle today's problems. True innovation starts with
diverse perspectives and various abilities and backgrounds.
When everyone's voice is heard, we're inspired to go beyond what's
been done before. It's why we're committed to expanding our
inclusive workforce that promotes diverse insights and
perspectives.
We've partnered with industry-leaders in almost every sector-and
continue to thrive after 40+ years of change by operating with
integrity.
Oracle careers open the door to global opportunities where
work-life balance flourishes. We offer a highly competitive suite
of employee benefits designed on the principles of parity and
consistency. We put our people first with flexible medical, life
insurance and retirement options. We also encourage employees to
give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages
of the employment process. If you require accessibility assistance
or accommodation for a disability at any point, let us know by
calling +1 888 404 2494, option one.
Disclaimer:
Oracle is an Equal Employment Opportunity Employer*. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, national origin, sexual orientation,
gender identity, disability and protected veterans' status, or any
other characteristic protected by law. Oracle will consider for
employment qualified applicants with arrest and conviction records
pursuant to applicable law.
* Which includes being a United States Affirmative Action
Employer
Keywords: Oracle, Tallahassee , Supply Chain Security Program Manager 5-ProdDev, Accounting, Auditing , Tallahassee, Florida
Click
here to apply!
|