At Dispel, we secure the systems that keep the world running.
We enable safe, reliable access to critical infrastructure by applying a zero trust model to industrial and operational technology (OT) environments—where traditional security approaches fall short. Our platform delivers secure remote access and data connectivity without exposing networks, allowing teams to operate, maintain, and scale essential systems with confidence.
What You’ll Do:
1. Own Procurement End-to-End (Top Priority)
- Run the full lifecycle of vendor procurement from intake through onboarding, contract execution, and activation.
- Push stakeholders to define clear requirements, business justification, and budget alignment—not just intake requests.
- Evaluate vendors across cost, capability, risk, and strategic fit, and guide teams toward the right decisions (not just process them).
- Maintain and evolve the Approved Vendor List, driving consolidation and better commercial outcomes where possible.
- Lead vendor onboarding and risk assessment end-to-end, with clear ownership and accountability.
- Evaluate vendor security posture (SOC 2 Type II, ISO 27001, etc.) and map controls to NIST 800-53 requirements.
- Prepare and present vendor packages for approval, including risk, compliance, and cost analysis.
- Make and document vendor approval/rejection recommendations with clear rationale.
- Act as the procurement lead during vendor security incidents, ensuring vendors meet contractual obligations and remediation timelines.
- Own and improve procurement workflows, SLAs, and tooling—this role is expected to fix broken processes, not just run them.
- Maintain visibility across all active vendors with clear owners, timelines, and escalation paths.
- Reduce cycle time, eliminate back-and-forth, and make procurement a fast, predictable function.
- Collaborate with Finance to resolve invoice discrepancies, payment issues, and reconciliation gaps across vendors.
- Support accurate and timely financial operations tied to vendor contracts, ensuring clean handoffs between procurement, AP, and AR functions.
- Assist Finance in completing accounts payable and receivable processes, including billing, invoicing, and payment workflows such as vendor invoice payments and customer billings when needed.
- Own contract execution—draft, redline, and negotiate NDAs, MSAs, DPAs, and security addenda with minimal oversight.
- Drive negotiations directly with vendors, balancing risk, speed, and business priorities.
- Ensure all contracts meet FedRAMP and security requirements, including required clauses and control alignment.
- Partner with Legal and Security on complex issues, but don’t rely on them to drive the process.
- Build and refine contract templates and negotiation playbooks to scale the function.
Requirements
Qualifications
- 5–8+ years of experience in procurement, strategic sourcing, contracting, or vendor management.
- Proven track record of owning contract negotiations and execution independently.
- Experience working with security, compliance, and legal stakeholders in a regulated or security-conscious environment.
- Comfortable operating with ambiguity and minimal structure—and improving it.
- Experience in FedRAMP or similarly regulated environments.
- Strong familiarity with NIST 800-53 and third-party risk frameworks.
- Experience supporting cybersecurity, SaaS, or infrastructure vendors.
- Experience building or scaling procurement/contracting functions in a startup or high-growth company.
- Experience supporting or owning contract review and legal workflows (redlining, negotiation exposure); J.D. degree is a bonus.
- Strong contract negotiation and redlining capability.
- Ability to push back and influence stakeholders when needed.
- Highly organized, able to manage multiple complex workstreams simultaneously.
- Clear, direct communicator—keeps things moving.
- Comfortable with tools like Excel, Word, and platforms such as Drata, Box, Brex.
Benefits
- Base salary up to 115K
- Performance bonus eligible
- Equity eligible
- Generous PTO
- Fully remote
- Medical, vision, dental insurance
- 401K company match
What We Do
Dispel's flagship product, the Dispel Zero Trust Engine (ZTE), simplifies secure remote access, data streaming, micro-segmentation, and ongoing threat detection for industrial control systems and cyber-physical environments. An award-winning platform, Dispel has also received industry recognition as a Gartner Cool Vendor and Forrester New Wave Leader. Founded in 2015, Dispel pioneered the first network-level moving target defense SD-WANs and holds over 42 patents across networking, access control, managed attribution, and zero trust.
Today Dispel has grown to enable the every day, protecting over 50% of the baby formula made in the U.S., 1 in 5 non-alcoholic beverages in America, utilities for over 54 million people, and over $500 billion in annual manufacturing globally. We work with industrial, utility, manufacturing, military, and government markets around the world through partner channels. Over the past nine years, Dispel has developed a mature and well-tested zero trust platform for cyber-physical systems (CPS) with over 2 million hours of successful operations.
Dispel’s all-in-one platform supports clients aligning their processes with cybersecurity frameworks including IEC 62443; NIST 800-53, 800-82, 800-160 Volume 2; NERC-CIP; and CMMC. Available in SaaS, customer cloud, or fully on-premises deployments, Dispel includes simple, robust, and secure features including: multi-factor authentication, zero trust architecture, moving target defense, time-based access, end-to-end encryption, granular access controls, real-time monitoring and alerts, session recording and dual sessions, and password vaulting.
Clients receive support through our U.S. operations team. At the [Dispel Enterprise Academy](https://dispel.com/training), users, administrators, and partners earn Dispel Certifications and receive comprehensive training. For more details on our platform, please visit: https://dispel.com/products/zero-trust-access
Why Work With Us
If you're passionate about critical infrastructure, this is the place to be. Dispel simplifies secure remote access, OT DMZ unification, and threat detection for industrial control systems and cyber-physical environments. Since 2015 we've grown to enable the every day for millions worldwide.








