Open-Source Software Compliance Consultant

Job Description:

Ability collaborate with cross-functional teams, and communicate concepts effectively.
Experience with managing risks related to use of third-party software, both OSS and COTS. 
Ability to deal with heterogeneous environments, legacy technology, and ambiguity in processes, and resistance to change, as environment and processes are developed and matured.
Quick learner, logical thinker, can see patterns, and then adapt this thinking to ways of working.
Can work with in-house developed tools and processes.
Good communication skills.

Preferred

Experience working across different cultures and time-zones.
Experience working with project managers and development teams.
Awareness of security, especially in relation to using 3rd party components, including OSS, COTS, and code snippets.
Experience with work with procurement teams.

Third Party Software Clearing Approvals

Pre-evaluation Approval – Check the manual clearing requests to verify that they are in a fit state to be submitted to the clearing team. Also warn requestor of known security / licensing issues. Note: This is not required if the clearing is submitted automatically.
PROR Response Review – Review the development team’s responses to the Permissions, Restrictions. Obligations and Risks (PRORs). Challenge and verify as necessary.
Final Approval – Provide the final approval of the application. If it is being delivered internally then I create the re-usable component. Note: We have an agreed enhancement specification to automate this task, but coding has not yet begun.
Review and approve contributions to the OSS community.

Liaise with the Legal Clearing Team

Negotiate with the Legal Clearing Team to expedite requests as an when necessary.
Monitor and report on the performance of the Clearing Team requests.
Discuss matters of law and negotiate improvements (e.g. recently Apache v2 was treated as a permissive license for the first time).

Provide Support on Third Party Software Clearing Issues

Respond to queries made by development teams and legal counsel.
Maintain training documentation and the FAQ page.
Provide awareness training for new acquisitions.
Provide 1-2-1 training for employees who are new to the clearing process.
Manage the MS Teams page for Third Party Software Clearing stakeholders.
Report on various metrics regarding the clearing process in order to drive change.
Provide Supply Chain Management support to the Product Security community

Tooling and Process Development

Meet with my counterpart in the ‘Factory Automation’ business unit, IT and Legal, on a weekly basis, to drive enhancements to the tooling and the process.
Represent the organization on the ‘Clearing Platform Architecture Board’ together with representatives from all the business units.
Represent the organization on the ‘Open Source Task-Force’ together with representatives from all the business units.
Responsible for educating the stakeholders on enhancements in tools and processes.
Manage enhancement requests.