Principal Security Consultant (1-year Fixed Term)

AVEVA is creating software trusted by over 90% of leading industrial companies. The job AVEVA is a global leader in industrial software, driving digital transformation and sustainability. By connecting the power of information and artificial intelligence with human insight, AVEVA enables teams to use their data to unlock new value. We call this Performance Intelligence. AVEVA’s comprehensive portfolio enables more than 20,000 industrial enterprises to engineer smarter, operate better and drive sustainable efficiency.

The Principal Security Consultant is a 1-year fixed-term employee position, critical role in shaping and standing-up AVEVA’s 2nd Line of Defence Security consultancy capabilities and services. This role will be responsible for providing insightful knowledge and actionable recommendations to achieve AVEVA’s target operating model for security and increase the maturity of existing processes and systems. One area of focus of this 12 month work package is to improve transparency of security operations and compliance to customers. We will be improving our Trust Centre, and streamlining security engagement on customer contracts. The post holder will be expected to quickly integrate into the team, proactively engage with stakeholders across the business, from technical SME’s to business leadership. They will need to work independently and able to prioritise their time across multiple projects and engagements.

Key responsibilities

• Implementation of Security Policy & Standards: Provide subject matter expert knowledge and support on the developing policy, standards, and exemption services to enable controls and supporting control practices to be embedded and optimised across the organisation. Includes optimisation of underpinning risk and control indicators.
• Implementation of Security Risk Management & Assurance: Provide subject matter expert knowledge on developing security risk management and risk assurance services that enable effective, and data driven risk management and reporting across operations. This includes the capability to monitor and report effectiveness of risk management within the product development lifecycle and supply chain.
• Ability to Gather and Review Evidence For Compliance: Complete discovery investigations to demonstrate compliance to regulations, standards and customer requirements and present evidence in a consumable format for customers, regulators etc.
• Implementation of Security Control Systems: Provide subject matter expert knowledge to business stakeholders to enable adoption, adaption, and optimisation of security controls across the organisation. This includes the controls used within the product development lifecycle and supply chain.
• Stakeholder Engagement: Build and maintain trusted relationships with stakeholders to embed security risk practices into operational activities. This includes providing guidance and thought leadership on risk best practice and assurance to technical and non-technical stakeholders.

Essential requirements

• Experience: Preferable 7+ years relevant work experience in security governance, risk, and compliance with at least 3 years of working as a senior expert or manager of a significant department. Experience of fulfilling similar role in a software publishing or internet business is preferable.
• Governance: Significant experience in developing, implementing, and optimising security policies, standards, and control-sets to enable effective adaption and adoption across organisational departments and teams.
• Risk Management and Assurance: Extensive experience of understanding of using threat, security control performance and business operations to independently assess residual security risk position to the end customer based on business processes and practices including product development lifecycle and supply chain.
• Regulatory Compliance: Significant experience of working within a regulated environment and advising others on the principal requirements of major legislation and regulations relevant to security, and the legal and regulatory instruments relevant to the role. Experience of responding to new regulations e.g. NIS2. Knowledge of cross-border regulations, such as GDPR and EU Data Privacy rules.

Desired skills

• Organisational Skills: Highly skilled in managing multiple tasks within set deadlines whilst managing expectations of invested parties.
• Communication Skills: Excellent verbal and written communication skills, with the ability to convey complex information clearly and concisely to diverse audiences. Ability to communicate effectively with technical and non-technical stakeholders.
• Decision making: Highly skilled in tactical decision-making with organisational impact.
• Problem-solving: Able to address day-to-day challenges quickly with a focus on operational solutions. Highly skilled at deconstructing large complex problems into solutions that can be easily understood and executed by business and digital teams.

Our Digital Security team is responsible for protecting AVEVA’s digital assets and keeping the company’s data and IP secure. We’re also playing a critical role in AVEVA’s move to the cloud. As cyber threats grow and more and more data moves into the cloud, the importance of our role is only going to grow. If you’re a collaborative problem solver that’s passionate about cybersecurity, you’ll find fulfilment and opportunity in our team.

UK Benefits include: Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program. It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Hybrid working: By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process: Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

About AVEVA: AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably. We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy.

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria. AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.