Director, Information Security - GRC
Responsibilities
- Operating as the central second-line function, the Director sets the standards all federated teams execute against, retains independent oversight and audit rights, and provides joined-up risk governance reporting to the CISO, AVEVA ELT, and Schneider Electric.
- Security Policy & Standards
- Define and maintain AVEVA's security policy framework aligned to ISO 27001, NIS2, IEC 62443, and contractual obligations.
- Set centralised standards for control design and assurance testing across all federated teams; manage the full policy lifecycle in response to evolving threats, regulation, and business context.
- Risk Assessment & Governance
- Own the enterprise security risk register and operate governance processes, including regular reporting to the AVEVA Executive Team and Schneider Electric Group Security.
- Engage business owners in risk treatment decisions and deliver transparent, defensible risk reporting that enables leadership to make informed decisions.
- Third Party Risk Management
- Lead the TPRM programme - assessing the security posture of suppliers, SaaS platforms, and technology partners.
- Integrate risk gates into procurement decisions and drive automation to scale the programme efficiently.
- Programme Management & Maturity
- Lead the Security PMO, coordinating investment and improvement initiatives to advance programme maturity.
- Maintain a transparent security roadmap and actively identify opportunities to automate GRC workflows to increase team capacity and strategic value.
- Compliance & Certification
- Own AVEVA's compliance posture across applicable regulatory frameworks.
- Manage external audits and certifications (ISO 27001, SOC 2).
- Monitor and anticipate regulatory change including NIS2, CRA, and IEC 62443.
- People and Functional Leadership
- Build and develop a high-performing GRC team with a culture of intellectual curiosity and continuous improvement.
- Set clear objectives, invest in professional development, and act as a visible advocate for the GRC function across AVEVA and Schneider Electric.
- An assured leader of both direct and indirect reports, driving strategic alignment and output, setting and maintaining high standards as a
Benefits
Additional Information
AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: Director, Information Security GRC
Location: Cambridge | UK
Employment type: Full-time regular
Benefits: Competitive package with an attractive bonus incentive plan and regionally specific benefits, ranging from above-the-norm paid vacation, contributions to retirement investment plans or pensions, and insurances to many other memberships and perks designed to enhance the workplace experience, your health, and wellbeing.
Previous Experience: 10+ years in information security, with at least 5 years in a senior role biased towards building capability, not just running it. Proven track record of building and leading teams in complex, international, multi-stakeholder environments, with experience reporting security risk to executive leadership and parent-company governance structures. Demonstrated ability to drive automation and tooling improvements in GRC workflows to improve programme scalability.
The job
The Director, Information Security GRC leads AVEVA's Governance, Risk and Compliance function within the central Digital Security organisation, a key second-line leadership role in AVEVA's federated security model. This position is accountable for the policies, standards, and governance frameworks that protect AVEVA's digital estate and products, and for the risk assurances that AVEVA leadership and Schneider Electric require to make informed business decisions. AVEVA is a fast-growing software company operating in highly regulated markets and is an independent subsidiary of Schneider Electric. The GRC function must be a genuine enabler of business agility, continuously modernising through automation and innovation. We are building a highly integrated security practice, where all security disciplines share and act in coordination on risk signal.
The successful candidate must combine broad security experience with GRC expertise and deeply understand how they interact to deliver the trust promise of AVEVA. They will possess a collaborative mindset, with a passion for data-driven, scalable approaches to security and risk management. Operating at a senior level within this specialised field, and as a member of the functional Senior Leadership team, the Director of Security GRC will often be called on to provide consultation to leaders, and counsel to the CISO. They are responsible for generating new theories, concepts, principles, and methodologies and will contribute significantly to the development of policy for the Digital Security function. As a leader of leaders, and with a global team, this individual must establish a culture of performance excellence, ensuring the team deliver on the demands and expectations of the Security practice, in accordance with our values.