Supply Chain Security
Role overview
The role of Supply Chain Security is to support the organisation to effectively identify, analyse, and mitigate the risks that arise while working with other entities as part of its supply chain. This includes onboarding and monitoring security performance of suppliers in a consistent and risk-driven way.
Role level
Typical role expectations
- Collate, manage, and track information relating to the organisation’s suppliers to provide full oversight of the supply chain.
- Provide security support and input to lower risk supplier pre-contract engagements.
- Responsible for data and reporting relating to supplier security performance and assurance.
Typical role expectations
- Be the security expert working with Commercial Teams and Business Groups to manage security considerations at all stages of the procurement process.
- Work with suppliers to gather information for reviews across the supply chain.
- Work with operational contract managers and other stakeholders to highlight any gaps or concerns and assist them to develop plans of remediation.
- Provide escalation route technical queries, risks and issues.
Typical role expectations
- Be the organisational authority on the security status of suppliers and being responsible for meeting Supplier Security Standards set for Government.
- Ensure resources are sufficiently aligned to support operational supplier security demands both pre and post award of the contract.
- Drive continuous improvement in supplier security risk analysis, planning and assurance policies and procedures, ensuring they meet and influence best practice across government.
- Ensure all supplier security activities adhere to quality standards and comply with government regulations and industry best practice.
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Applied security capability | Awareness | Working | Working |
| Security Risk Management | Awareness | Awareness | Working |
| Protective security | Awareness | Awareness | Working |
| Secure operations management | Awareness | Awareness | Awareness |
| Secure supply chain management | Awareness | Awareness | Practitioner |
| Risk understanding and mitigation | Awareness | Working | Practitioner |
Core learning
Associate
Risk Management for Non-Risk Professionals
SEC568: Product Security Penetration Testing – Safeguarding Supply Chains and Managing Third-Party Risk
Lead
SEC568: Product Security Penetration Testing – Safeguarding Supply Chains and Managing Third-Party Risk
Principal
SEC568: Product Security Penetration Testing – Safeguarding Supply Chains and Managing Third-Party Risk
QACSRM (Certified Security Risk Manager)