Procurement Manager – Cybersecurity

Procurement Manager – Cybersecurity

Department: Information Security / Supply Chain / IT Procurement

**Contract**

Job Summary:

The Procurement Manager – Cybersecurity is responsible for sourcing, evaluating, and managing vendors that provide cybersecurity solutions, software, and services. This role ensures that all technology acquisitions align with the organization’s security strategy, budget, and compliance requirements. The manager collaborates with IT, legal, and finance teams to negotiate contracts, mitigate supply chain risks, and maintain strong vendor performance and security standards.

Key Responsibilities:

Strategic Sourcing & Vendor Management

• Develop and execute procurement strategies for cybersecurity tools, services, and infrastructure (e.g., firewalls, endpoint protection, SIEM, threat intelligence, cloud security, and managed security services).
• Identify, evaluate, and onboard cybersecurity vendors and technology providers.
• Negotiate pricing, licensing, and service level agreements (SLAs) with a focus on value, performance, and security compliance.
• Maintain a vendor risk management framework to assess supplier security posture and regulatory compliance.

Contracting & Compliance

• Collaborate with Legal and Information Security teams to draft and review cybersecurity-related contracts, NDAs, and data protection agreements.
• Ensure all procurements comply with cybersecurity standards such as NIST, ISO 27001, SOC 2, GDPR, HIPAA, or other relevant regulations.
• Monitor vendor performance, conduct periodic audits, and ensure adherence to contractual and cybersecurity obligations.

Budgeting & Cost Optimization

• Manage cybersecurity procurement budgets and forecasts.
• Evaluate cost-saving opportunities through volume licensing, contract consolidation, and supplier negotiation.
• Track total cost of ownership (TCO) for cybersecurity tools and subscriptions.

Collaboration & Leadership

• Partner with IT, Security Operations, Risk Management, and Finance to support organizational security initiatives.
• Lead and mentor procurement analysts or specialists within the IT or cybersecurity domain.
• Stay updated on emerging cybersecurity products, vendors, and market trends.

Qualifications:

• Education: Bachelor’s degree in Supply Chain Management, Information Technology, Cybersecurity, Business Administration, or related field.
• Experience: 5–8 years in procurement or supply chain management, with at least 3 years focused on technology or cybersecurity procurement.
• Certifications (Preferred):
  • Procurement: CPSM, CIPS, or CPM
  • Cybersecurity: CISSP, CISM, or Security+
  • Vendor Risk Management: ISO 27036 or similar

Skills & Competencies:

• Deep understanding of cybersecurity products, licensing models, and vendor ecosystems.
• Strong contract negotiation and vendor risk assessment skills.
• Knowledge of information security and data privacy regulations.
• Proficiency in ERP and procurement software (e.g., SAP Ariba, Coupa, ServiceNow).
• Excellent analytical, communication, and leadership abilities.