Director, Security Resilience
Location: Cambridge, UK
Employment type: Full-time regular
Job Overview
The Director of Security Resilience leads AVEVA's newly established Security Resilience function within the central Digital Security organization. This strategic leadership role is responsible for building and advancing AVEVA's capability in crisis management, business continuity, and enterprise-wide resilience. The successful candidate will establish the function from the ground up, defining frameworks, tooling, and operating cadence to make AVEVA genuinely resilient at scale.
Key Responsibilities
- Maintain and continuously develop AVEVA's crisis management framework – including playbooks, escalation protocols, and decision-making structures.
- Lead crisis management exercises and simulations, and serve as the central coordinator during live crisis events, ensuring a structured and controlled response across the organisation.
- Drive Business Impact Analysis (BIA) and Business Continuity and Disaster Recovery (BCDR) planning across AVEVA, identifying critical systems, processes, and dependencies, and ensuring recovery objectives are clearly defined and achievable.
- Plan and facilitate regular tabletop exercises to validate plans under realistic conditions and track improvement actions to closure.
- Provide security assessments, advisories, and operational support for staff travel and AVEVA-hosted events; maintain a travel risk programme to support safe operations.
- Ensure resilience requirements are built into new systems, platforms, and products at the design stage; work with IT Security, R&D Security, and technology teams to define and validate recovery objectives.
- Build the Security Resilience function from its foundation, establishing operating processes, tooling, and metrics that enable the programme to scale; drive automation and develop a maturity roadmap.
- Report programme progress to the CISO and AVEVA leadership; ensure resilience risk is surfaced clearly in the GRC risk register.
- Build and develop a high-performing Security Resilience team; set objectives, invest in professional development, and act as a visible advocate for the Resilience function across AVEVA and Schneider Electric.
- Navigate ambiguity and make tough decisions while maintaining team morale and a people-first culture in accordance with AVEVA's values.
Skills and Experience
- 10+ years in information security or enterprise risk management, with at least 5 years in a senior role focused on building resilience capability.
- Expertise in crisis management, business continuity, and disaster recovery frameworks and methodologies such as ISO 22301, NIST SP 800-34, BS 11200.
- Strong understanding of resilience in relation to the broader security model, incident response, and enterprise risk governance.
- Experience designing and building crisis management and BCDR programmes in complex, multi-stakeholder environments.
- Proven track record as a people and/or department leader, preferably having led managers or a significant team.
- Experience serving as an operational coordinator during live crisis or major incident events.
- Reporting resilience risk and programme maturity to executive leadership and parent-company governance structures.
- Driving automation and tooling improvements in resilience workflows.
- Experience in regulated markets with awareness of resilience-related regulatory obligations such as NIS2, DORA, ISO 22301.
- Execution bias – ability to build programmes from the ground up while managing day-to-day operations.
- Data-literate, automation-biased, operationally fluent, able to design scalable, tooling-driven resilience programmes.
- Excellent communication skills – able to present complex resilience scenarios and recovery plans to executive and board audiences.
Desired / Preferred
- Industrial software, OT/ICS environments, or technology companies serving critical infrastructure.
- Experience working within a large enterprise group resilience or security governance structure as a subsidiary leader.
- Experience with AI and machine learning applications in resilience, e.g., predictive risk modelling or automated scenario planning.
- Professional certifications such as CBCP, ISO 22301 Lead Implementer, CISSP, or equivalent.
- Commercial acumen and working knowledge of cloud-native resilience patterns, DevSecOps, and modern software delivery practices.
Competencies
- Adaptable and resilient – thrives in dynamic environments while maintaining strategic focus.
- Practical and logical – structured thinking with a bias toward pragmatic, implementable solutions.
- Self-motivated and decisive – comfortable owning decisions in ambiguous situations.
- Collaborative and influential – builds trusted relationships across federated teams and leadership.
- Transparent and courageous – surfaces difficult resilience gaps and crisis findings to leadership.
- Curious and growth-oriented – continuously learns about emerging threats and resilience practices.
Hybrid Working
The role will work in a hybrid manner with an expectation of being on-site 50% of working hours to support collaboration and connection.
Benefits
- Flexible benefits fund
- Emergency leave days
- Adoption leave
- 28 days annual leave (plus bank holidays)
- Pension
- Life cover
- Private medical insurance
- Parental leave
- Education assistance program
Equal Opportunity
AVEVA is an Equal Opportunity Employer. We are committed to recruiting and retaining people with disabilities and to providing reasonable accommodation for applicants with disabilities where appropriate.
All employment decisions are based on qualifications, skills, and experience.