Job Title
Director, Information Security - Assurance
Location & Employment
Cambridge, UK – Full‑time regular
About the Role
The Director of Security Assurance leads AVEVA’s Security Assurance function within the central Digital Security organization. This critical second‑line leadership role is responsible for independently testing whether AVEVA’s security controls are operating as designed, providing objective evidence that underpins risk assurances given to AVEVA leadership and Schneider Electric, and connecting assurance findings directly to the risk register and governance process.
Key Responsibilities
- Design, lead and continuously improve a controls assurance programme that tests the effectiveness of security controls across all federated teams.
- Drive automation to shift from periodic reviews to ongoing, evidence‑based control monitoring.
- Commission and oversee in‑depth technical assurance activities including penetration testing, configuration reviews, and control effectiveness assessments across IT, cloud, product, and R&D environments.
- Own the security evidence library and coordinate external audit and certification processes (ISO 27001, SOC 2).
- Identify control weaknesses and coverage gaps, drive remediation tracking through the GRC risk register and report progress to the CISO and leadership.
- Provide high‑quality assurance reporting to the CISO, AVEVA Executive Team, and Schneider Electric Group Security, translating technical findings into clear, actionable risk insights.
- Build and develop a high‑performing Assurance team, setting clear objectives, investing in professional development, and advocating for the Assurance function across AVEVA and Schneider Electric.
- Act as a member of the Digital Security Senior Leadership Team, providing consultation to business leaders and counsel to the CISO and peers.
Qualifications & Experience
- 10+ years in information security, with at least 5 years in a senior role focused on building audit/assurance capability.
- Deep expertise in control testing methodologies, assurance frameworks, and security audit practices across ISO 27001, SOC 2, NIST CSF, NIS2, and IEC 62443.
- Strong technical breadth across IT security, cloud security, and application security.
- Proven track record of building and leading assurance or audit teams in complex, international, and multi‑stakeholder environments.
- Experience owning or leading external audit and certification processes, including evidence gathering, auditor management, and remediation tracking.
- Demonstrated ability to drive automation in assurance testing and evidence‑gathering workflows to improve programme scalability.
- Experience operating in regulated markets with exposure to compliance frameworks such as ISO 27001, NIS2, IEC 62443, and SOC 2.
- Professional certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor are desirable.
- Commercial acumen and knowledge of cloud security, DevSecOps, and Agile delivery practices.
Skills & Competencies
- Adaptable, resilient, and able to thrive in dynamic environments.
- Pragmatic, structured thinker with a bias toward implementable solutions.
- Self‑motivated, decisive, and comfortable making decisions in ambiguous situations.
- Collaborative and influential, building trusted relationships across federated teams and leadership.
- Transparent and courageous, surfacing difficult assurance findings clearly and honestly.
- Growth‑oriented, continuously learning about emerging threats, control landscapes, and automation tools.
Benefits
- Flexible benefits fund
- Emergency leave days, adoption leave
- 28 days annual leave (plus bank holidays)
- Pension, life cover, private medical insurance
- Parental leave, education assistance programme
Legal & Diversity Statements
AVEVA is an Equal Opportunity Employer. We are committed to recruiting and retaining people with disabilities and providing reasonable accommodation. All successful applicants will undergo background checks in accordance with local laws.