Director, Supply Chain Security

An Amazing Career Opportunity foraDirector Supply Chain Security!!

Location: Remote (US & Europe)

Job ID: 47557

As part of the Product Security and Privacy team you will own and lead the corporate-wide Product Supply Chain Security program.

You will lead a team that will establish and operationalize the standards policies and technical capabilities required to ensure the integrity security and trustworthiness of software from development through build distribution and deployment across a diverse portfolio of products and environments.

Accountable for the consistency scalability and defensibility of supply chain security practices you will ensure that controls are not only defined but effectively implemented and enforced in partnership with IT and Information Security teams.

You will operate at a strategic level building and leading a team responsible for securing source code build systems third-party components and deployment environments while enabling product teams to adopt secure-by-design practices through standardized architectures and processes.

Who are we

HID powers the trusted identities of the worlds people places and things allowing people to transact safely work productively and travel freely.

We are a high-tech software company headquartered in Austin TX with over 4500 worldwide employees.Check us out here:and ourDirector Supply Chain Security youll support HIDs successby:

• Defining and maintaining the enterprise Supply Chain Security framework including policies standards and processes governing source code building systems artifacts and deployment environments.
• Establishing and enforcing standards for secure storage accessing and transferring of source code including repository protections branching controls and access governance.
• Defining and maintaining the enterprise Supply Chain Security framework including policies standards and processes governing source code build systems artifacts and deployment environments.
• Establishing and enforcing standards for secure storage accessing and transferring of source code including repository protections branching controls and access governance.
• Defining security requirements for CI/CD pipelines and building environments including isolation hardening least-privilege access and protection against tampering.
• Defining and operationalizing software provenance and traceability requirements to ensure the authenticity and integrity of software throughout the lifecycle.
• Establishing processes and standards for evaluating and managing third-party vendors suppliers and open source components including security assessment and ongoing risk monitoring.
• Defining and enforcing SBOM requirements including generation storage and usage in vulnerability and compliance processes.
• Coordinating with operations and manufacturing teams establishing security standards and validation processes for manufacturing factory and deployment environments where software is integrated into products.
• Defining and governing the secure management of secrets keys and cryptographic material used in development and build systems in coordination with enterprise security teams.
• Partnering with IT and Information Security teams to ensure supply chain security controls are implemented monitored and enforced across development and build environments.
• Collaborating with Product Security and Privacy Architects to embed secure coding and security controls into building environments and CI/CD pipelines through standardized paved road solutions.
• Establishing mechanisms to validate control effectiveness and detect non-compliance or drift across pipelines build systems and artifact repositories.
• Developing metrics reporting and dashboards to measure supply chain security posture control coverage and adherence across the organization.
• Providing executive-level reporting and insights on software supply chain risk and control effectiveness.
• Leading audit and assessment readiness for supply chain security controls and ensure alignment with regulatory requirements including the EU Cyber Resilience Act (CRA).
• Building and leading a team responsible for supply chain security architecture tooling governance and operational coordination.
• Acting as the central authority for software supply chain security across the organization.
• Establishing a scalable federated operating model enabling product teams to securely develop build and deploy software while adhering to centralized standards.
• Partnering with Engineering DevOps Product Security Legal Procurement and Compliance teams to ensure consistent adoption and execution of supply chain security practices.
• Ensuring consistent implementation of supply chain security controls across a large and diverse product portfolio and multiple technology domains.
• Providing strategic direction for continuous improvement of supply chain security capabilities including tooling processes and organizational practices.
• Supporting regulatory audits customer inquiries and internal assessments related to software supply chain security.

YourExperienceand Background include:

• Experience designing building or leading software supply chain security DevSecOps security or related programs within a product security or application security context.
• Strong understanding of software development lifecycles CI/CD pipelines and build systems.
• Experience defining and implementing security controls for source code management build environments and software artifact handling.
• Working knowledge of software supply chain security frameworks and concepts (e.g. SLSA SBOM software provenance).
• Experience with code signing cryptographic principles and secure key management practices.
• Experience collaborating with IT and Information Security teams to implement and enforce security controls.
• Familiarity with regulatory requirements related to product and supply chain security such as the EU Cyber Resilience Act (CRA).
• Strong ability to define scalable policies standards and governance models across large organizations.
• Excellent communication skills with the ability to translate complex technical risks into business impact.
• Experience operating in large-scale multi-product environments with distributed engineering and DevOps teams.
• Experience implementing or managing SBOM programs and third-party/open source risk management processes is preferred.
• Experience securing cloud-native and containerized development environments is preferred.
• Experience with manufacturing embedded systems or factory deployment environments is preferred.
• Experience with Agile/SAFe methodologies is preferred.
• Experience building and leading high-performing security teams is preferred.

What we can offer you:

• Competitive salary and rewards package

• Competitive benefits and annual leave offering allowing for work-life balance

• A vibrant welcoming & inclusive culture
• Extensive career development opportunities and resources to maximize your potential
• To be a part of a global organization that is pioneering the hardware software and services that allow people to confidently navigate the physical and digital worlds

Why apply

• Empowerment: Youll work as part of a global team in a flexible workenvironment learning and enhancing your expertise. We welcome an opportunity to meet you and learn about your unique talents skills and experiences. You dont need to check all the you have most of the skills and experience we want you to apply.
• Innovation: You embrace challenges and want to drive change. We are open to ideas including flexible work arrangements job sharing or part-time job seekers.
• Integrity: You are results-orientated reliable and straightforward and value being treated accordingly. We want all our employees to be themselves to feel appreciated and accepted.

The wage range for this role considers a broad scope of factors that are considered when making compensation decisions including but not limited to: skill sets experience and training licensure and certifications and other business and organizational needs. The disclosed range does not account for geographic differentials based on the location where the position may be filled. At HID it is uncommon for individuals to be hired at or near the top of the range. Final compensation decisions depend on the specific facts and circumstances of each case.

The base salary in the United States is $230000 to $250000.

This opportunity may be open to flexible working arrangements.

HID does not accept unsolicited resumes from headhunters recruitment agencies or fee-based recruitment services. We are not responsible for any fees related to unsolicited resumes.

HID is committed to building a diverse equitable and inclusive workforce that reflects the global communities we serve. As an equal opportunity employer we welcome applications from individuals of all backgrounds experiences and perspectives. We evaluate applicants without regard to race color religion gender gender identity or expression sexual orientation national origin disability age veteran status or any other legally protected characteristic. Our goal is to create a workplace that empowers everyone to thrive and be their authentic selves fostering an environment of mutual respect and inclusivity. If you have a disability and require assistance or accommodation to participate in the application process or to perform essential job functions please contact .

Please be aware that our recruitment process may include the use of AI-powered tools to assist in screening applicant resumes. These tools help us efficiently identify candidates whose qualifications and skills align with the job description. We use AI in a responsible manner and in accordance with applicable data privacy laws and regulations. Importantly all applicants are reviewed by our Talent Acquisition team. AI is used to support not replace human judgment in the evaluation process.

We make it easier for people to get where they want to go!
On an average day think of how many times you tap twist tag push or swipe to get access find information connect with others or track something. HID technology is behind billions of interactions in more than 100 countries. We help you create a verified trusted identity that can get you where you need to go without having to think about it.

When you join our HID team youll also be part of the ASSA ABLOY Group the global leader in access solutions. Youll have 63000 colleagues in more than 70 different countries. We empower our people to build their career around their aspirations and our ambitions supporting them with regular feedback training and development opportunities. Our colleagues think broadly about where they can make the most impact and we encourage them to grow their role locally regionally or even internationally. As we welcome new people on board its important to us to have diverse inclusive teams and we value different perspectives and experiences.

#LI-HIDGlobal