Supply Chain Security Program Manager 5-ProdDev

Job Description

The Supply Chain Security role will lead the analysis to identify hardware supply chain security risk as well as develop and implement mitigation strategies to address each risk. Supply Chain Security Risk Management (SCRM) plans are developed, maintained, and continuously improved over time collaborating with key stakeholders: external manufacturing Tier 1 suppliers, sub tier suppliers (tier 2 & 3), logistics, and transportation providers at a minimum. The role will partner with internal operations teams and design and development team members for the Oracle hardware.

This position requires the development knowledge and application of Oracle Corporate security assurance best practices and processes. These define how to make smart choices that build security into our products and services. These Oracle Software Security Assurance Standards (OSSA) and Oracle Hardware Security Assurance (OHWSA) standards provide guidance across the entire lifecycle of third-party component selection / in-take, product design, development, testing, release, and deployment. Ensuring the delivery of these corporate standards and ensuring they are part of the Supply Chain movement in all the modes (Sea, Transportation, and Air) with the principal theme on the essentials of a robust SCRM will be key. This includes systematically intaking, escalating and triaging problems with relevant owners and teams while ensuring follow-through on resolutions to deliver findings to key partners.

The SCRM activity requires responsibility to collect and analyze data to identify hardware manufacturing, shipping, and delivery security flaws and vulnerabilities in Oracle's supply chain operations, and to provide advice and guidance to help reduce these supply chain risks to Oracle's management team.

This role is a key member of the Supply Chain Organization (SCO) responsible to manufacturing and operations delivering the hardware and firmware to Oracle Cloud Infrastructure (OCI) and Oracle Engineered Systems including Oracle Exadata.

Responsibilities

Working with Security Leads, Security Point of Contacts (SPOCs), Directors and Managers across Oracle Hardware Supply Chain to ensure that Oracle Hardware teams are using the industry's best security practices as detailed in OSSA and OHWSA. This applies to the components that Oracle engineers itself and the third-party hardware components we leverage from industry partners.

This role spans hardware and includes working with Oracle internal teams and external partners. The job extends from Oracle team education and security process support, to performing security technical and process reviews, through to ensuring that Oracle's partners understand Oracle's security requirements for the future.

Key objectives include:

• Identify Hardware Supply Chain risk at the External Manufacturing (tier 1)

• Identify Hardware Supply Chain risk at the Sub tier Suppliers multiple layers deep (tier 1 and tier 2)

• Author Supply Chain Risk Mitigation Plans (SCRM)

• Mitigating security risks associated with supply chain operations.

• Safeguard business interests amidst evolving security requirements from existing customers.

• Facilitating compliance with security prerequisites for strategic growth plans.

• Establish SCRM working with internal and external cross-functions.

Role Details:

• Assess, manage, and mitigate diverse risks across Oracle Supply Chain Operations, bolstering resilience and business continuity through strategic and operational initiatives.

• Partner with Oracle Security Oversight Committee (OSOC) to implement controls and measures to drive overall Supply Chain Hardware protection strategies.

• Collaborate with cross-functional stakeholders to yield high-impact insights and recommendations, thereby steering strategy and scalable implementation plans.

• Lead supply chain security teams overseeing physical and site security, information security, supplier risk management, product security, logistics, and supply chain resiliency programs.

• Stay abreast of supply chain security trends, assessing impact on operational practices and programs.

• Establish and sustain a comprehensive Supply Chain Risk Management (SCRM) and Governance, Risk, and Compliance process in alignment with OSOC programs.

• Instill proactive security controls and policies spanning information assets, product development, and the broader supply chain ecosystem.

• Contribute to the formulation and execution of third-party assessments and supply chain security best practices.

• Collaborate with cross-functional security teams to standardize global site policies and security awareness initiatives.

• Develop a robust security training program for supply chain personnel across global operations.

• Collaborate with the OSOC to articulate Supply Chain Security messaging for customers, business partners, and external parties.

• Conduct periodic security audits alongside relevant teams to ensure compliance across in-house sites, External Manufacturers and Suppliers.

• Develop and maintain a communication framework to update GSC leadership, business and design engineering stakeholders.

• Cultivate a relationship of trust with global supply chain leadership to predict, perceive, mitigate, and manage supply chain risks on a global scale.

• Co-create supply chain risk strategy and vision in alignment with global supply chain leadership.

• Translate strategy into actionable initiatives, incorporating risk management and business resiliency practices.

• Assume overall accountability for the supply chain risk management program, collaborating with cross-functional teams to meet industry and regulatory standards.

• Develop robust business policies, processes and tools for continuous risk assessment, business continuity planning, event anticipation, and recovery management.

• Facilitating and performing supply chain hardware security reviews

• Tracking the progress of supply chain hardware security reviews and producing reports

• Identifying and driving improvements to the security review processes

• Collaborate with Security, Enterprise Risk Management, and Compliance teams to foster cross-functional synergy.

Required Qualifications:

B.S. in Supply Chain Management

7+ years in the field of Supply Chain Management (Hardware) with security expertise

Experience in security analysis/assessments and the ability to audit security or forensic reports.

Expertise across secure development lifecycle e.g., component security reviews, static and dynamic analysis tools

Highly motivated, with a sense of urgency and ability to deliver multiple tasks under timeframe pressure.

Analytical person, who can be both strategic and able to dive into details as needed.

Capable of working independently

Experience with understanding, analyzing, and communicating hardware security vulnerabilities, attacks, and research to Supply Chain Team.

Excellent written and oral communication skills.

Preferred Qualifications:

Experience with implementation of modern server platform hardware

Experience with Cloud security and architecture concepts

Comfortable dealing with ambiguity and ability to adapt to changing environment and needs.

Experience with server platform level security technologies, including but not limited to secure boot, firmware signing, platform firmware security architectures, roots of trust.

Experience with hardware interfaces, including, but not limited to BMCs, PCIe, SAS, NVMe, NAND Flash, NOR Flash, SPI, I2C (incl. SMBus, PMBus), LPC, eSPI, etc.

Skills/Accreditations/Certifications:

• Strong/Expert Communication - thrive in an email, online meetings, and presentation atmosphere, as well be able to speak with large groups of people on Supply Chain Security practices.

• C.S.C.S.S Certification

• Experience with implementing various industry certifications such as ISO 9001, 28001 and NIST.

• Proficiency in project management and metrics design.

• Direct experience in global supply chain operations.

• Experience particularly within manufacturing environments, including Supply Chain Risk Management (SCRM) and/or Business Continuity (BC).

• Experience in executive counseling, influencing, advisory, and communication.

• Track record of effective stakeholder management.

• Demonstrated success in steering complex, multidimensional initiatives from vision through implementation.

• Aptitude for driving agile decision-making and transformative change across organizational tiers.

• Strong problem-solving capabilities, coupled with sound business acumen.

Disclaimer

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range: from $104,000 to $223,500 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following

1. Medical, dental, and vision insurance, including expert medical opinion

2. Short term disability and long term disability

3. Life insurance and AD&D

4. Supplemental life insurance (Employee/Spouse/Child)

5. Health care and dependent care Flexible Spending Accounts

6. Pre-tax commuter and parking benefits

7. 401(k) Savings and Investment Plan with company match

8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

9. 11 paid holidays

10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

11. Paid parental leave

12. Adoption assistance

13. Employee Stock Purchase Plan

14. Financial planning and group legal

15. Voluntary benefits including auto, homeowner and pet insurance

About Us

As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone's voice is heard, we're inspired to go beyond what's been done before. It's why we're committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +~~~, option one.

Disclaimer:

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

*** Which includes being a United States Affirmative Action Employer**