Your Role and Responsibilities- Facilitate Supplier risk management activities leveraging internal IBM policies, procedures, tools, and resources as a management lifecycle
- Ensure Technical Leadership for driving Supplier Management mission, Automations and provide guidance to the team
- Work on Supplier Management controls implementation for BUILD, RENEW and EXPAND Compliance Programs such as DORA, FedRAMP Gov, FS Cloud, C5, ISMAP, ENS High, HITRUST, HIPPA, MeitY, Unified Controls Framework.
- Ensure Technical Architecture, Designs and Implementation of Supplier Management Automations
- Responsible for overseeing and leading a team of employees. Manage the day-to-day operations and activities of team, including assigning tasks, provide direction, coaching and guidance as required
- Encourage employee engagement and contentment while building a positive atmosphere at work. Foster a culture of collaboration, teamwork, and communication within their team
- Be the Audit and Certifications Focal for success of ongoing audits
- Ensure IBM Cloud stakeholders and Suppliers complete required self-assessments & questionnaires
- Conduct risk assessments, Supplier risk analysis, Supplier criticality, and understanding of Supplier security posture
- Identify potential attack vectors in the IBM Cloud supply chain and develop risk mitigation strategies to reduce the risk exposure to the IBM enterprise
- Track and report Supplier criticality and risks through assessment and ongoing (continuous monitoring) activities
- Represent IBM Cloud in discussions with Cloud stakeholders, Clients and Suppliers
- Develop and implement policies and procedures to improve supplier risk management capabilities of the Supplier Management Office
- Support IBM Cloud Stakeholders and Suppliers in meeting regulatory requirements as determined by operating environments, contractual obligations, governmental organizations, and regulatory bodies globally
- Ensure applicable requirements and regulatory compliance are documented and managed for IBM Cloud Suppliers
- Educate and advise IBM Cloud stakeholders, Clients and Suppliers on risk management strategies and promote process efficiencies through automation and tool integration
- Act in compliance with all relevant IBM business conduct guidelines and client driven processes
- Assist in the creation of solutions that balance business requirements with IBM Cloud security requirements
- Communicate, interact and negotiate with IBM stakeholders, Clients and Suppliers through all levels of the organization globally
Required Technical and Professional Expertise
- At least 10 years of experience in performing Cybersecurity or IT Security risk assessments of 3rd party organizations
- Proficiency in understanding IT environments, to include cloud, hosting, co-location, and enterprise
- Proven ability to lead and organize multi-disciplinary projects and initiatives in a fast-paced and deadline-oriented business environment with broad impact.
- Proven ability to pivot with agility and flexibility.
- Proven ability to define project scope, identify dependencies and resource requirements, analyze risks and define milestones and activities.
- Exceptional attentional to detail.
- Proven analytical skills to normalize supplier management requirements from numerous sources and provide guidance on tools and process to implement to maintain compliance while focused on efficiency and automation.
Preferred Technical and Professional Expertise
- Working knowledge of Cloud offerings and Services
- Bachelor’s Degree in relevant field
- Maintain relevant industry certification(s) in cybersecurity and/or risk management (such as CISA, CISSP, CISM, CRSC)
- Excellent English written and verbal communication
- Basic knowledge and experience in procurement and supply chain