Job Title: Principal Specialist, Security GRC
Location: Cambridge, London, Derry/Londonderry, United Kingdom
Employment Type: Full-time, 1-year Fixed Term

The job

AVEVA is a global leader in industrial software, driving digital transformation and sustainability. By connecting the power of information and artificial intelligence with human insight, AVEVA enables teams to use their data to unlock new value. We call this Performance Intelligence. AVEVA's comprehensive portfolio enables more than 20,000 industrial enterprises to engineer smarter, operate better and drive sustainable efficiency. AVEVA supports customers through a trusted ecosystem that includes 5,500 partners and 5,700 certified developers around the world. The company is headquartered in Cambridge, UK, with over 6,500 employees and ninety offices in over forty countries. Learn more at.

We take pride in our core values and the diversity of our people, valuing the unique experience and expertise that people from diverse backgrounds bring to our business. At AVEVA, we are all about Limitless possibilities. Are you?

The Principal Specialist, Security GRC is a 1-year fixed-term employee position and a critical role in shaping and standing up AVEVA's 2nd Line of Defence Security Governance, Risk and Compliance capabilities and services. This role will be responsible for providing insightful knowledge and actionable recommendations to achieve AVEVA's target operating model for security GRC and increase the maturity of existing processes and systems. The post holder will be expected to quickly integrate into the team and proactively engage with stakeholders across the business, from technical SMEs to business leadership. They will need to work independently and be able to prioritise their time across multiple projects and engagements.

Key responsibilities

Implementation of Security Policy & Standards.
Provide subject matter expert knowledge and support on developing policy, standards, and exemption services to enable controls and supporting control practices to be embedded and optimised across the organisation. Includes optimisation of underpinning risk and control indicators.

Implementation of Security Risk Management & Assurance.
Provide subject matter expert knowledge on developing security risk management and risk assurance services that enable effective and data-driven risk management and reporting across operations. This includes the capability to monitor and report effectiveness of risk management within the product development lifecycle and supply chain.

Implementation of Supply Chain Security Risk Management.
Provide subject matter expert knowledge to build and optimise the supply chain security risk management service to enable effective management of supplier security risks across the organisation. Collaborate with supply chain partners to provide deep knowledge to shape the practices of procurement, legal, digital, and other business functions so they identify and mitigate supply chain security risks.

Stakeholder Engagement.
Build and maintain trusted relationships with stakeholders to embed security risk practices into operational activities. This includes providing guidance and thought leadership on risk best practice and assurance to technical and non-technical stakeholders.

Essential requirements

Experience.
Preferably 7+ years of relevant work experience in security governance, risk, and compliance, with at least 3 years of working as a senior expert or manager of a significant department. Experience of fulfilling a similar role in a software publishing or internet business is preferable.

Governance.
Significant experience in developing, implementing, and optimising security policies, standards, and control-sets to enable effective adaption and adoption across organisational departments and teams.

Risk Management and Assurance.
Extensive experience and understanding of using threat, security control performance and business operations to independently assess residual security risk position to the end customer based on business processes and practices, including product development lifecycle and supply chain.

Regulatory Compliance.
Significant experience of working within a regulated environment and advising others on the principal requirements of major legislation and regulations relevant to security, and the legal and regulatory instruments relevant to the role. Experience of responding to new regulations, e.g. NIS2. Knowledge of cross-border regulations, such as GDPR and EU Data Privacy rules.

Desired skills

Organisational Skills.
Highly skilled in managing multiple tasks within set deadlines whilst managing expectations of invested parties.

Communication Skills.
Excellent verbal and written communication skills, with the ability to convey complex information clearly and concisely to diverse audiences.

Decision making.
Highly skilled in tactical decision-making with organisational impact.

Problem-solving.
Able to address day-to-day challenges quickly with a focus on operational solutions. Highly skilled at deconstructing large complex problems into solutions that can be easily understood and executed by business and digital teams.

Digital Security at AVEVA

Our Digital Security team is responsible for protecting AVEVA's digital assets and keeping the company's data and IP secure. We're also playing a critical role in AVEVA's move to the cloud. As cyber threats grow and more and more data moves into the cloud, the importance of our role is only going to grow. If you're a collaborative problem solver that's passionate about cybersecurity, you'll find fulfilment and opportunity in our team.