Supply Chain Security
Role Overview
The role of Supply Chain Security is to support the organisation to effectively identify, analyse, and mitigate the risks that arise while working with other entities as part of its supply chain. This includes onboarding and monitoring security performance of suppliers in a consistent and risk-driven way.
Role level
Typical role level expectations
- Collate, manage, and track information relating to the organisation’s suppliers to provide full oversight of the supply chain.
- Provide security support and input to lower risk supplier pre-contract engagements.
- Responsible for data and reporting relating to supplier security performance and assurance.
Typical role level expectations
- Be the security expert working with Commercial Teams and Business Groups to manage security considerations at all stages of the procurement process.
- Work with suppliers to gather information for reviews across the supply chain.
- Work with operational contract managers and other stakeholders to highlight any gaps or concerns and assist them to develop plans of remediation.
- Provide escalation route technical queries, risks and issues.
Typical role level expectations
- Be the organisational authority on the security status of suppliers and being responsible for meeting Supplier Security Standards set for Government.
- Ensure resources are sufficiently aligned to support operational supplier security demands both pre and post award of the contract.
- Drive continuous improvement in supplier security risk analysis, planning and assurance policies and procedures, ensuring they meet and influence best practice across government.
- Ensure all supplier security activities adhere to quality standards and comply with government regulations and industry best practice.
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Applied security capability | Awareness | Working | Working |
| Security Risk Management | Awareness | Awareness | Working |
| Protective security | Awareness | Awareness | Working |
| Secure operations management | Awareness | Awareness | Awareness |
| Secure supply chain management | Awareness | Awareness | Practitioner |
| Risk understanding and mitigation | Awareness | Working | Practitioner |
Core learning
Associate
Risk Management for Non-Risk Professionals
ISO/IEC 27001 Foundation
SEC547: Defending Product Supply Chains
Lead
Supply Chain and Continuity Management Course
SEC547: Defending Product Supply Chains
ISO 28000 Lead Auditor
Principal
ISO 28000 Lead Implementer
Certified Security Risk Manager
NPSA – Leadership Guidance