Director, Information Security GRC

AVEVA


Job Location:

Cambridge - UK

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

AVEVA is creating software trusted by over 90% of leading industrial companies.

Job Title: Director Information Security GRC

Location: Cambridge UK

Employment type: Full-time regular

Benefits: Competitive package with an attractive bonus incentive plan regionally specific benefits ranging from above the norm paid vacation contributions to retirement investment plans or pensions insurances and a many other memberships and perks designed to enhance the workplace experience your health and wellbeing.

Previous Experience: 10 years in information security with at least 5 years in a senior role biased towards building capability not just running it. Proven track record of building and leading teams in complex international and multi-stakeholder environments with experience reporting security risk to executive leadership and parent company governance structures. Demonstrated ability to drive automation and tooling improvements in GRC workflows to improve program scalability.

The job

The Director Information Security GRC leads AVEVAs Governance Risk and Compliance function within the central Digital Security organization a key second-line leadership role in AVEVAs federated security model. This position is accountable for the policies standards and governance frameworks that protect AVEVAs digital estate and products and for the risk assurances that AVEVA leadership and Schneider Electric require to make informed business decisions.

AVEVA is a fast-growing software company operating in highly regulated markets and is an independent subsidiary of Schneider Electric. The GRC function must be a genuine enabler of business agility continuously modernizing through automation and innovation.

We are building a highly integrated security practice where all security disciplines share and act in coordination on risk signal. The successful candidate must combine broad security experience with GRC expertise and deeply understand how they interact to deliver the trust promise of AVEVA. They will possess a collaborative mindset with a passion for data-driven scalable approaches to security and risk management.

Operating at a senior level within this specialised field and as a member of the functional Senior Leadership team the Director of Security GRC will often be called on to provide consultation to leaders and counsel to the CISO. They are responsible for generating new theories concepts principles and methodologies and will contribute significantly to the development of policy for the Digital Security function.

As a leader of leaders and with a global team this individual must establish a culture of performance excellence ensuring the team deliver on the demands and expectations of the Security practice in accordance with our values.

Key Responsibilities

Operating as the central second-line function the Director sets the standards all federated teams execute against retains independent oversight and audit rights and provides joined-up risk governance reporting to the CISO AVEVA ELT and Schneider Electric.

Security Policy & Standards

  • Define and maintain AVEVAs security policy framework aligned to ISO 27001 NIS2 IEC 62443 and contractual obligations.
  • Set centralised standards for control design and assurance testing across all federated teams; manage the full policy lifecycle in response to evolving threats regulation and business context.

Risk Assessment & Governance

  • Own the enterprise security risk register and operate governance processes including regular reporting to the AVEVA Executive Team and Schneider Electric Group Security.
  • Engage business owners in risk treatment decisions and deliver transparent defensible risk reporting that enables leadership to make informed decisions.

Third Party Risk Management

  • Lead the TPRM programme assessing the security posture of suppliers SaaS platforms and technology partners.
  • Integrate risk gates into procurement decisions and drive automation to scale the programme efficiently.

Programme Management & Maturity

  • Lead the Security PMO coordinating investment and improvement initiatives to advance programme maturity.
  • Maintain a transparent security roadmap and actively identify opportunities to automate GRC workflows to increase team capacity and strategic value.

Compliance & Certification

  • Own AVEVAs compliance posture across applicable regulatory frameworks.
  • Manage external audits and certifications (ISO 27001 SOC 2).
  • Monitor and anticipate regulatory change including NIS2 CRA and IEC 62443.

People and Functional Leadership

  • Build and develop a high-performing GRC team with a culture of intellectual curiosity and continuous improvement.
  • Set clear objectives invest in professional development and act as a visible advocate for the GRC function across AVEVA and Schneider Electric.
  • An assured leader of both direct reports and in-directs to drive strategic alignment and output setting and maintaining high standards as a member of the Digital Security Senior Leadership Team.
  • Possesses a demonstrated ability to navigate ambiguity and make tough decisionsranging from structural re-organizations and budgetary choices to talent optimizationwhile maintaining team morale transparency and a people-first culture in accordance with AVEVAs values.

Skills and Experience

  • 10 years in information security with at least 5 years in a senior role biased towards building capability not just running it.
  • Deep expertise in GRC frameworks: ISO 27001 NIST CSF NIS2 IEC 62443 SOC 2.
  • Strong understanding of security policy lifecycle management control framework design and risk register governance.
  • Experience in operating in regulated markets (ISO 27001 SOC 2 NIS2 IEC 62443).
  • Proven track record of building and leading teams in complex international and multi-stakeholder environments. Experience of leading leaders is advantageous.
  • Reporting security risk to executive leadership and parent company governance structures.
  • Driving automation and tooling improvements in GRC workflows to improve program scalability.
  • Execution bias; demonstrated ability to act tactically while innovating next generation solutions.
  • Rational empathy; demonstrated experience in aligning security imperatives with the goals and values of the organization.
  • Natural collaborator; demonstrated experience delivering joined up solutions.
  • Data literate automation biased operationally fluent.
  • Excellent risk communication skills.
  • Commercial acumen and working knowledge of cloud security DevSecOps and Agile delivery practices.

Desired/Preferred

  • Industrial software OT/ICS security or technology companies serving critical infrastructure or highly regulated industries.
  • Working within a large enterprise group security governance structure as a subsidiary security leader.
  • Working with AI and machine learning applications in security.
  • Professional certifications: CISSP CISM CRISC or ISO 27001 Lead Implementer / Lead Auditor.
  • Experience in a federated matrixed or multi-subsidiary structure driving standards across organizational boundaries.

Competencies

  • Adaptable and resilient: Thrives in dynamic environments; maintains strategic focus through regulatory change and organisational evolution.
  • Practical and logical: Structured thinking with a bias toward pragmatic implementable solutions.
  • Self-motivated and decisive: Comfortable making and owning decisions in ambiguous situations.
  • Collaborative and influential: Earns influence through credibility and expertise; builds trusted relationships across federated teams and leadership.
  • Transparent and courageous: Surfaces difficult risk findings and brings problems to leadership.
  • Curious and growth-oriented: Continuously learning about emerging threats regulatory change and improvements in automation and tooling.

#LI-DY1


UK Benefits include:

Flexible benefits fund emergency leave days adoption leave 28 days annual leave (plus bank holidays) pension life cover private medical insurance parental leave education assistance program.


Its possible were hiring for this position in multiple countries in which case the above benefits apply to the primary location. Specific benefits vary by country but our packages are similarly comprehensive.


Find out more: working

We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office with an expectation of being on-site 50% of your working hours to support collaboration and connection. Some positions are fully office-based depending on the nature of the work and certain roles that support specific customers or markets may be remote. The working arrangement for this position will be confirmed during the hiring process.


Hiring process

Interested Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.


Find out more: AVEVA

AVEVA is a global leader in industrial software with more than 6500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life such as energy infrastructure chemicals and minerals safely efficiently and more sustainably.


We are committed to embedding sustainability and inclusion into our operations our culture and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: out more: requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may subject to those laws include proof of educational attainment employment history verification proof of work authorization criminal records identity verification credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.


AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.


Required Experience:

Director

AVEVA is creating software trusted by over 90% of leading industrial companies.Job Title: Director Information Security GRCLocation: Cambridge UKEmployment type: Full-time regularBenefits: Competitive package with an attractive bonus incentive plan regionally specific benefits ranging from above ...

About Company

Company Logo

At AVEVA, we work with you and harness the power of our ecosystem, to deliver solutions and expertise to optimize engineering, operations and performance.

View Profile View Profile