This job listing has expired and the position may no longer be open for hire.

Sr. Supply Chain Cybersecurity Engineer at Lamb Weston in EAGLE, Idaho






Job Description:

Job Description Summary

The Sr. Supply Chain Cybersecurity Engineer is responsible for defining, engineering, and governing a comprehensive end-to-end supply chain information security risk management program. The primary targeted result is the security solidification and risk mitigation of our supply chain, assuring that our product delivery to customers is not impacted by a security incident or breach incurred by a critical supply chain partner, and that a security breach of a supply chain partner does not cause a breach of our company.
You will be a hands-on technical leader who defines, drives, or influences technical risk mitigation controls that reduce risk to an acceptable appetite or tolerance. You will develop strategies and capabilities to protect our products and supply chain against advanced cybersecurity threats. In this role, you will develop supply chain recommendations and integrate risk management and supply chain processes across all of Lamb Weston's businesses and all global locations. You will work with our various supply chain partners and with internal stakeholders such as Legal and Procurement to ensure our Supply Chain Security Risk Management Policies, Standards, Control Objectives & Activities are technically and contractually fulfilled by our supply chain partners and, as appropriate, internally at Lamb Weston.
Current operations are in countries such as the US, Canada, Mexico, China, Australia, Singapore, Argentina, and the list is growing. The position will also work closely with our joint venture partner Lamb Weston Meijer with operations in the UK, Netherlands, and Austria.



Job Description



  • Lead and coordinate cross functional teams to develop and implement the supply chain information security Governance, Risk, and Compliance strategy, portfolio, programs and projects

  • Research, analyze, communicate and drive related stakeholder, legal and regulatory requirements, standards, industry best practices and provide strategic guidance to internal & external stakeholders to ensure compliance with our requirements and regulations.

  • Lead security assessments and evaluations for compliance with strong security policies, standards, practices & regulatory compliance while maintaining velocity.

  • Influence third parties or vendors to improve security with superb communication of security requirements that reinforce strategic technology partnerships & goals.

  • Partner with onboarded vendors to implement creative risk mitigation controls and maintain them as per agreement.

  • Partner with legal & procurement teams in negotiating security terms.

  • Promote information security awareness of evolving industry supply chain & third-party risks and mitigation best practices.

  • Work effectively across geographical and organizational boundaries and act as a change agent driving adoption of our supply chain cybersecurity program both internally and externally with our suppliers.

  • Manage resources and tools to develop and deliver programs, materials and other related resources that support the overall Supply Chain Security Risk Management sourcing strategy.

  • Develop evaluation and assessment methods and manage assurance programs for end-to-end supply chain including understanding trends, threats, vulnerabilities, risks and opportunities for improvement / corrective action plans.

  • Identify information security program gaps and associated risks at 3rd parties / vendors

  • Ability to provide supply chain partners with strategic direction, technological evolutions, and best practices to build collaborative relationships that help them improve their security risk management results and their companies' security rigor and effectiveness, thus solidifying our supply chain.

  • Must be familiar with the latest industry guidance on protecting and defending against software supply chain attacks, and their impacts to upstream and downstream components.

  • Develop and drive a program to operationalize and automate the supply chain security vision across the business, with an emphasis on gaining measurable and actionable results.

  • Build a strong security community across the company's functional, business and technology organizations.

  • Develop and maintain a program that informs business unit and functional group leadership of the top supply chain security risks and overall security health of the program.




Job Qualifications



  • Bachelor's degree in Information/Cyber Security, Information Assurance, or similar degree

  • 7+ years of overall information/cyber security hands-on technical professional experience required

  • 3 years of recent 3rd Party / Supply Chain security risk management experience required, with emphasis on "mitigation", i.e. implementing risk mitigation, not just assessing it.

  • 2 years of recent experience in Security Operations or similar hands-on experience with security tools is a significant plus, i.e. hands-on vs. theoretical book smarts.

  • Certifications: 2 or more of the following: CRISC, CISSP, CEH, AWS Cloud certifications, CISM, CISA or similar

  • Ability for 25% travel




Expected Skills:





  • Broad technical knowledge of security risk mitigation controls, cloud and SaaS computing, security standards / frameworks (ISO, CIS, NIST, etc.), identity and access management, service-oriented architectures, distributed systems, networking, modern application architectures; plus, a strong understanding of virtualization, storage systems, high availability and high scalability using modern techniques

  • Expertise and thought leadership across all aspects of supply chain and 3rd party cybersecurity.

  • Deep understanding of security vulnerabilities, their mitigations, and ability to communicate details appropriate to audience levels

  • Strong communications skills with all levels of an organization, including executive and front-line employees

  • Demonstrated experience dealing with security challenges and issues confronting a large, geographically distributed, departmentally diverse, global organization

  • Understanding of security and privacy regulations and standards is desirable

  • Proven success delivering large, complex global security programs

  • Information Security hands-on skills that span all security domains, e.g. endpoint, network, SOC

  • Excellent engineering and leadership abilities

  • Demonstrated problem-solving and analytical skills

