Digital Security - Principal Specialist, Security Risk & Assurance

Cambridge, United Kingdom

AVEVA

At AVEVA, we work with you and harness the power of our ecosystem, to deliver solutions and expertise to optimize engineering, operations and performance.


AVEVA is creating software trusted by over 90% of leading industrial companies.

Position: Digital Security - Principal Specialist, Security Risk & Assurance

Previous experience: Preferably 5+ years of relevant work experience in security governance, risk, and compliance, with at least 1 year working as a senior specialist within a significant department. Experience of fulfilling a similar role in a software publishing or internet business is preferable.

Location: London/Cambridge, United Kingdom (3 days at the office)

Employment type: Full-time regular (flexible working options available)

Benefits: Competitive salary; flexible benefits fund which can be utilised against over 20 benefits; pension scheme with up to 9% employer contribution; life insurance; income protection insurance; 28 days annual leave (plus bank holidays); 3 days paid volunteering.

The job

The Risk & Assurance Principal Specialist for Security GRC (Governance, Risk and Compliance) is a senior member of the global security team whose primary role is to lead the development and continual improvement of the risk and assurance services provided by the Digital Security Team.

This role will be responsible for contributing to the development, implementation, operation, and optimisation of security risk management and assurance services into the AVEVA business. The post holder will be a member of the GRC Risk Management and Assurance Team responsible for establishing clear risk appetites and enabling business owners to manage their respective security risks, including supply chain, in line with regulatory needs and board-level appetite. Experience of operating and optimising these services and fulfilling a second line of defence risk management and assurance role is essential. Experience in designing these services is preferable.

Key responsibilities

The role is expected to provide deep and specialised subject matter expert (SME) knowledge and thought leadership on the following matters:

  • Policy and Oversight: Performance of policy, standards, and exemption services to enable controls and supporting control practices to be embedded and optimised across the organisation
  • Risk Management and Assurance: Build, operate, and optimise security risk management and risk assurance services that enable effective and data-driven risk management and reporting across operations
  • Risk Assessment: Enable business stakeholders to identify and evaluate security risk effectively. Where complex group wide risk assessments are required, lead the assessment and document lessons learned to enable continued optimisation of procedures
  • Control Systems Management: Provide knowledge to business stakeholders to enable adoption, adaption, and optimisation of security controls across the organisation
  • Supply Chain Security Risk Management: Build, operate, and optimise the supply chain security risk management service to enable effective management of supplier security risks across the organisation

Ideal experience

  • Experience: Preferably 5+ years of relevant work experience in security governance, risk, and compliance, with at least 1 year working as a senior specialist within a significant department. Experience of fulfilling a similar role in a software publishing or internet business is preferable
  • Analytics: Ability to dig into details as well as analyse data from a high-level view to identify patterns and continual improvements to risk and control position as well as continued improvement of security services
  • Cybersecurity Frameworks: Proven experience of building risk management services and providing risk assurance services against industry governance frameworks across a global enterprise, including 3rd Party Supply Chain
  • Communication: Proven experience of translating complex digital and technical cybersecurity risks using language and terms that resonate with the recipient so they can easily consume the message and understand what it means for their respective business area
  • Ways of Working: Cross-functional partnership skills with a confirmed ability to lead multiple stakeholders with conflicting priorities in a fast and constantly changing environment

Great skills to have

  • Customer Focussed: Skilled in developing strong trusted customer relationships built on understanding their needs over time and delivering what’s promised
  • Critical Thinking: Ability to think critically about risk procedures and take necessary actions to enhance their adoption and effective use across the organisation
  • Creativity: Capable of tackling risk management challenges with innovative solutions and a fresh perspective
  • People Skills: Proven influencing skills that enable effective engagement with a diverse range of stakeholders to enable win/win situations. Experienced in managing conflicting priorities, multiple tasks, and working within a matrix-managed environment to achieve successful outcomes
  • Knowledge of Business Technology and Digital Products: Stays current on regulations and understands the impact of technology on the Digital Security services and the organisation’s security risk control positions
  • Qualifications: A professional certification in governance or compliance, such as CRISC, CISM, CISSP, or equivalent
  • Education: A degree in a relevant field such as cyber security, risk management, information technology or related technical field

Digital Security at AVEVA

Our Digital Security team is responsible for protecting AVEVA’s digital assets and keeping the company’s data and IP secure. We’re also playing a critical role in AVEVA’s move to the cloud.

As cyber threats grow and more and more data moves into the cloud, the importance of our role is only going to grow. If you’re a collaborative problem solver that’s passionate about cybersecurity, you’ll find fulfilment and opportunity in our team.

UK Benefits include:  

Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.

It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Find out more: aveva.com/en/about/careers/benefits/

Hybrid working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

Find out more: aveva.com/en/about/careers/hiring-process

About AVEVA

AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.

We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/

Find out more: aveva.com/en/about/careers/

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check.  Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.  AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.

Category: Compliance Jobs

Tags: Analytics CISM CISSP Cloud Compliance CRISC Governance Industrial Risk assessment Risk management Strategy

Perks/benefits: Career development Competitive pay Flex hours Health care Medical leave Parental leave Startup environment

Region: Europe
Country: United Kingdom
