AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: Salesforce Global Risk & Compliance Lead
Location: London or Cambridge
Employment Type: full-time
The job
We are seeking a highly experienced Global Risk & Compliance Lead to oversee risk management, security, and compliance for our Sales Enablement platforms, primarily focused on Salesforce. This role is responsible for ensuring that Salesforce solutions meet global regulatory requirements, align with enterprise risk frameworks, and maintain the highest standards of data protection, security, and governance. Reporting to the Sales Enablement Domain Director with a dotted line to the Head of IT GRC, this position collaborates closely with Sales Enablement teams to document control designs, organize evidence collection, manage dependencies (e.g., JML feeds from HR, access reviews by Business Owners), and strengthen Role-Based Access Control (RBAC) structures. The key objective is to ensure compliance with Sarbanes-Oxley (SOX) requirements, implement controls from the Crown Jewel Security Playbook (e.g., risk assessments, access reviews, patching, backups), and satisfy the Crown Jewel Security Policy by protecting critical assets through governance, identification, protection, detection, response, and recovery measures.
The ideal candidate will bring deep expertise in compliance, risk management, and Salesforce governance, with the ability to work with globally distributed teams and collaborate across business, legal, and technology functions.
Responsibilities
1. Define and maintain global compliance and risk frameworks for Salesforce implementation and operations.
2. Documenting control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g., critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews).
3. Project managing dependencies on other teams, such as timely Joiner-Mover-Leaver (JML) feeds from HR, and access reviews by Business Owners.
4. Conduct risk assessments to identify, evaluate, and mitigate risks related to Salesforce data, processes, and integrations.
5. Develop controls to ensure compliance with internal policies and external regulations.
6. Ensure Salesforce configuration and operations comply with global and regional regulations (e.g., GDPR, SOX).
7. Tightening RBAC structures by reviewing and documenting roles, permissions, and access controls, ensuring least privilege and periodic reviews.
8. Collaborate with IT Security to design and enforce secure Salesforce configurations (SSO, MFA, RBAC, encryption).
9. Ensure proper segregation of duties and implement internal controls within Salesforce.
10. Oversee third-party application and integration risk assessments.
11. Preparing for and responding to cybersecurity incidents within Sales Enablement scope, driving internal innovation to define best practices for securing the domain.
12. Mitigating cybersecurity risks generated by Sales Enablement activities, ensuring policies are applied and critical assets (Crown Jewels) are protected.
13. Define audit-ready processes and provide evidence of compliance for internal and external audits.
14. Establish monitoring, logging, and reporting mechanisms for ongoing compliance validation.
15. Ensuring SOX compliance by gathering timely evidence of control operation and proactively preparing audit responses.
16. Measuring compliance with IT policies, setting KPIs, and initiating activities to close gaps, preparing submissions for audits and the Executive Risk Committee.
17. Implement continuous improvement to address findings from audits and risk reviews.
18. Act as a key liaison between compliance, security, business, and Salesforce program leadership.
19. Provide guidance and training to Salesforce admins, developers, and business stakeholders on compliance best practices.
20. Acting as the Digital Risk representative for the Domain interacting with other relevant GRC teams as required.
21. Keep up-to-date with Salesforce releases, platform changes, and emerging technologies to ensure our performance strategy remains cutting-edge.
Skills & Qualifications
22. ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA), or Certified Information System Manager (CISM), or Certified Governance of Enterprise IT (CGEIT).
23. 5+ years of experience in risk, compliance, or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations.
24. Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001).
25. Salesforce certifications (e.g., Salesforce Administrator, Security & Privacy Specialist).
26. Proven track record in implementing risk and compliance programs across multiple geographies.
27. Experience with Salesforce security and compliance features, including Shield, encryption, access controls, and audit logging.
28. Experience estimating costs of remediation activities / projects, split by one-off vs recurring costs.
29. Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements.
30. Ability to document and coach others on business process and system mapping, including RBAC structures.
31. MS Office, especially MS Outlook, Excel, PowerPoint, and SharePoint; analytics skills an advantage.
32. Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response) and Policy directives (e.g., govern, protect, detect).
33. Excellent communication, stakeholder management, and leadership skills.
34. Experience leading compliance efforts in multi-cloud Salesforce environments (Sales Cloud, Service Cloud, Marketing Cloud, etc.).
IT at AVEVA
Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high. We also provide key support for the transformation and modernisation efforts globally.
We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members, you will feel part of something special from the first day you join.
Find out more:
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/