Salesforce Global Risk & Compliance Lead

AVEVA


Job Location: Cambridge - UK

Monthly Salary: Not Disclosed
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

AVEVA is creating software trusted by over 90% of leading industrial companies.

Job Title: Salesforce Global Risk & Compliance Lead

Location: London or Cambridge

Employment Type: full-time

The job

We are seeking a highly experienced Global Risk & Compliance Lead to oversee risk management, security and compliance for our Sales Enablement platforms, primarily focused on Salesforce. This role is responsible for ensuring that Salesforce solutions meet global regulatory requirements, align with enterprise risk frameworks, and maintain the highest standards of data protection, security and governance. Reporting to the Sales Enablement Domain Director, with a dotted line to the Head of IT GRC, this position collaborates closely with Sales Enablement teams to document control designs, organize evidence collection, manage dependencies (e.g. JML feeds from HR, access reviews by Business Owners) and strengthen Role-Based Access Control (RBAC) structures. The key objective is to ensure compliance with Sarbanes-Oxley (SOX) requirements, implement controls from the Crown Jewel Security Playbook (e.g. risk assessments, access reviews, patching, backups) and satisfy the Crown Jewel Security Policy by protecting critical assets through governance, identification, protection, detection, response and recovery measures.

The ideal candidate will bring deep expertise in compliance, risk management and Salesforce governance, with the ability to work with globally distributed teams and collaborate across business, legal and technology functions.

Responsibilities

Governance & Risk Management

  • Define and maintain global compliance and risk frameworks for Salesforce implementation and operations.
  • Documenting control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g. critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews).
  • Project managing dependencies on other teams such as timely Joiner-Mover-Leaver (JML) feeds from HR and access reviews by Business Owners.
  • Conduct risk assessments to identify, evaluate and mitigate risks related to Salesforce data, processes and integrations.
  • Develop controls to ensure compliance with internal policies and external regulations.

Regulatory & Compliance Oversight

  • Ensure Salesforce configuration and operations comply with global and regional regulations (e.g. GDPR, SOX).
  • Tightening RBAC structures by reviewing and documenting roles, permissions and access controls, ensuring least privilege and periodic reviews.

Security & Controls

  • Collaborate with IT Security to design and enforce secure Salesforce configurations (SSO, MFA, RBAC, encryption).
  • Ensure proper segregation of duties and implement internal controls within Salesforce.
  • Oversee third-party application and integration risk assessments.
  • Preparing for and responding to cybersecurity incidents within Sales Enablement scope, driving internal innovation to define best practices for securing the domain.
  • Mitigating cybersecurity risks generated by Sales Enablement activities, ensuring policies are applied and critical assets (Crown Jewels) are protected.

Audit & Monitoring

  • Define audit-ready processes and provide evidence of compliance for internal and external audits.
  • Establish monitoring, logging and reporting mechanisms for ongoing compliance validation.
  • Ensuring SOX compliance by gathering timely evidence of control operation and proactively preparing audit responses.
  • Measuring compliance with IT policies, setting KPIs and initiating activities to close gaps, preparing submissions for audits and the Executive Risk Committee.
  • Implement continuous improvement to address findings from audits and risk reviews.

Stakeholder Management & Enablement

  • Act as a key liaison between compliance, security, business and Salesforce program leadership.
  • Provide guidance and training to Salesforce admins, developers and business stakeholders on compliance best practices.
  • Acting as the Digital Risk representative for the Domain, interacting with other relevant GRC teams as required.
  • Keep up-to-date with Salesforce releases, platform changes and emerging technologies to ensure our performance strategy remains cutting-edge.

Skills & Qualifications

Ideal Skills

  • ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA) or Certified Information System Manager (CISM) or Certified Governance of Enterprise IT (CGEIT).
  • 5 years of experience in risk, compliance or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations.
  • Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001).
  • Salesforce certifications (e.g. Salesforce Administrator, Security & Privacy Specialist).
  • Proven track record in implementing risk and compliance programs across multiple geographies.
  • Experience with Salesforce security and compliance features, including Shield, encryption, access controls and audit logging.
  • Experience estimating costs of remediation activities / projects split by one-off vs recurring costs.
  • Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements.
  • Ability to document and coach others on business process and system mapping, including RBAC structures.
  • MS Office, especially MS Outlook, Excel, PowerPoint and SharePoint; analytics skills an advantage.
  • Knowledge of Crown Jewel Playbook controls (e.g. patching, MFA, data encryption, incident response) and Policy directives (e.g. govern, protect, detect).
  • Excellent communication, stakeholder management and leadership skills.

Desired skills

  • Experience leading compliance efforts in multi-cloud Salesforce environments (Sales Cloud, Service Cloud, Marketing Cloud etc.).

IT at AVEVA

Our global team of 300 IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high. We also provide key support for the transformation and modernisation efforts globally.

We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members; you will feel part of something special from the first day you join.

Benefits include:

Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.

It's possible we're hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Find out more: working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

Find out more: AVEVA

AVEVA is a global leader in industrial software with more than 6500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life, such as energy, infrastructure, chemicals and minerals, safely, efficiently and more sustainably.

We are committed to embedding sustainability and inclusion into our operations, our culture and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets.

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.


Key Skills

  • Abinitio
  • Apprentice
  • Dermatology
  • Cost Estimation
  • Data Networking
  • Liaison

About Company


At AVEVA, we work with you and harness the power of our ecosystem, to deliver solutions and expertise to optimize engineering, operations and performance.
