Director, Information Security - Assurance
Responsibilities
- Controls Assurance Programme
- Design and lead a continuous controls assurance programme that independently tests whether security controls across all federated teams are operating effectively against policy objectives and centrally defined standards.
- Drive automation to shift from periodic point-in-time reviews to ongoing, evidence-based control monitoring.
- Independent Testing & Technical Review
- Commission and oversee in-depth technical assurance activities including penetration testing, configuration reviews, and control effectiveness assessments.
- Provide objective, evidence-based findings across the AVEVA digital estate - covering IT, cloud, product, and R&D environments.
- Audit & Compliance Readiness
- Own the security evidence library and lead coordination of external audit and certification processes (ISO 27001, SOC 2).
- Leverage proactive assurance activity to build continuous audit readiness rather than reactive preparation, reusing assurance evidence to reduce duplication of effort.
- Control Weakness & Remediation
- Identify control weaknesses and coverage gaps across the AVEVA estate including areas where controls are under-deployed, misconfigured, or ineffective against the threat landscape.
- Drive remediation tracking through the GRC risk register and report progress to the CISO and leadership.
- Assurance Reporting
- Provide high-quality, evidence-based assurance reporting to the CISO, AVEVA Executive Team, and Schneider Electric Group Security.
- Translate technical findings into clear, actionable risk insight that directly informs governance decisions and the enterprise risk register.
- People and Functional Leadership
- Build and develop a high-performing Assurance team with a culture of rigour, intellectual curiosity, and continuous improvement.
- Set clear objectives, invest in professional developme
Additional Information
AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: Director, Information Security - Assurance
Location: Cambridge | UK
Employment type: Full-time regular
Previous Experience: 10+ years in information security with at least 5 years in a senior role biased towards building audit/assurance capability, not just running it. Proven track record of building and leading assurance or audit teams in complex, international and multi-stakeholder environments. Experience designing and operating controls assurance programmes spanning IT, cloud, and product security domains, with direct exposure to external audit and certification processes (ISO 27001, SOC 2).
The job
The Director, Information Security - Assurance leads AVEVA's Security Assurance function within the central Digital Security organization, a critical second-line leadership role in AVEVA's federated security model. This role is accountable for independently testing whether AVEVA's security controls are operating as designed, providing the objective evidence that underpins the risk assurances given to AVEVA leadership and Schneider Electric, and connecting assurance findings directly to the risk register and governance process.
AVEVA is a fast-growing software company operating in highly regulated markets and is an independent subsidiary of Schneider Electric. The Assurance function must be a scalable, continuously improving capability; evolving beyond point-in-time testing towards automated, data-driven assurance that provides real-time visibility into control effectiveness across the AVEVA estate. We are building a highly integrated security practice, where all security disciplines share and act in coordination on risk signal.
The successful candidate must combine deep technical assurance expertise with a collaborative mindset, working closely with the GRC function to close the loop between testing and governance, and with federated teams who own the controls being assessed.
They will bring analytical rigour, a passion for automation, and the courage to surface findings clearly and honestly. As a senior leader, and member of the functional SLT, the Director of Security - Assurance will routinely be called on to provide consultation to business leaders, and counsel to the CISO and peers. They are responsible for generating new theories, concepts, principles and methodologies and will contribute significantly to the development of policy for the Digital Security function. As a leader of leaders, this individual must establish a culture of performance excellence, ensuring the team reflect the demands and expectations of the business, our internal and external stakeholders, in accordance with AVEVA's values.