At a Glance
- Tasks: Lead risk management and compliance for Salesforce, ensuring data protection and security.
- Company: Join AVEVA, a global leader in industrial software with a collaborative culture.
- Benefits: Enjoy flexible benefits, 28 days annual leave, and professional development opportunities.
- Why this job: Make a real impact by safeguarding critical assets and driving compliance in a dynamic environment.
- Qualifications: 5+ years in risk and compliance, with strong Salesforce knowledge and relevant certifications.
- Other info: Hybrid working model with excellent career growth and a supportive team atmosphere.
The predicted salary is between 36000 - 60000 £ per year.
AVEVA is creating software trusted by over 90% of leading industrial companies.
Location: London or Cambridge
Employment Type: full-time
We are seeking a highly experienced Global Risk & Compliance Lead to oversee risk management, security, and compliance for our Sales Enablement platforms, primarily focused on Salesforce. This role is responsible for ensuring that Salesforce solutions meet global regulatory requirements, align with enterprise risk frameworks, and maintain the highest standards of data protection, security, and governance. Reporting to the Sales Enablement Domain Director with a dotted line to the Head of IT GRC, this position collaborates closely with Sales Enablement teams to document control designs, organize evidence collection, manage dependencies (e.g., JML feeds from HR, access reviews by Business Owners), and strengthen Role-Based Access Control (RBAC) structures. The key objective is to ensure compliance with Sarbanes-Oxley (SOX) requirements, implement controls from the Crown Jewel Security Playbook (e.g., risk assessments, access reviews, patching, backups), and satisfy the Crown Jewel Security Policy by protecting critical assets through governance, identification, protection, detection, response, and recovery measures.
The ideal candidate will bring deep expertise in compliance, risk management, and Salesforce governance, with the ability to work with globally distributed teams and collaborate across business, legal, and technology functions.
Responsibilities
Governance & Risk Management
- Define and maintain global compliance and risk frameworks for Salesforce implementation and operations.
- Documenting control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g., critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews).
- Project managing dependencies on other teams, such as timely Joiner-Mover-Leaver (JML) feeds from HR, and access reviews by Business Owners.
- Conduct risk assessments to identify, evaluate, and mitigate risks related to Salesforce data, processes, and integrations.
- Develop controls to ensure compliance with internal policies and external regulations.
Regulatory & Compliance Oversight
- Ensure Salesforce configuration and operations comply with global and regional regulations (e.g., GDPR, SOX).
- Tightening RBAC structures by reviewing and documenting roles, permissions, and access controls, ensuring least privilege and periodic reviews.
Security & Controls
- Collaborate with IT Security to design and enforce secure Salesforce configurations (SSO, MFA, RBAC, encryption).
- Ensure proper segregation of duties and implement internal controls within Salesforce.
- Oversee third-party application and integration risk assessments.
- Preparing for and responding to cybersecurity incidents within Sales Enablement scope, driving internal innovation to define best practices for securing the domain.
- Mitigating cybersecurity risks generated by Sales Enablement activities, ensuring policies are applied and critical assets (Crown Jewels) are protected.
Audit & Monitoring
- Define audit-ready processes and provide evidence of compliance for internal and external audits.
- Establish monitoring, logging, and reporting mechanisms for ongoing compliance validation.
- Ensuring SOX compliance by gathering timely evidence of control operation and proactively preparing audit responses.
- Measuring compliance with IT policies, setting KPIs, and initiating activities to close gaps, preparing submissions for audits and the Executive Risk Committee.
- Implement continuous improvement to address findings from audits and risk reviews.
Stakeholder Management & Enablement
- Act as a key liaison between compliance, security, business, and Salesforce program leadership.
- Provide guidance and training to Salesforce admins, developers, and business stakeholders on compliance best practices.
- Acting as the Digital Risk representative for the Domain interacting with other relevant GRC teams as required.
- Keep up-to-date with Salesforce releases, platform changes, and emerging technologies to ensure our performance strategy remains cutting-edge.
Ideal Skills
- ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA), or Certified Information System Manager (CISM), or Certified Governance of Enterprise IT (CGEIT).
- 5+ years of experience in risk, compliance, or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations.
- Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001).
- Salesforce certifications (e.g., Salesforce Administrator, Security & Privacy Specialist).
- Proven track record in implementing risk and compliance programs across multiple geographies.
- Experience with Salesforce security and compliance features, including Shield, encryption, access controls, and audit logging.
- Experience estimating costs of remediation activities/projects, split by one-off vs recurring costs.
- Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements.
- Ability to document and coach others on business process and system mapping, including RBAC structures.
- MS Office, especially MS Outlook, Excel, PowerPoint, and SharePoint; analytics skills an advantage.
- Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response) and Policy directives (e.g., govern, protect, detect).
- Excellent communication, stakeholder management, and leadership skills.
Desired skills
- Experience leading compliance efforts in multi-cloud Salesforce environments (Sales Cloud, Service Cloud, Marketing Cloud, etc.).
Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high. We also provide key support for the transformation and modernisation efforts globally. We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members; you will feel part of something special from the first day you join.
UK Benefits include: Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program. It's possible we're hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life (such as energy, infrastructure, chemicals, and minerals) safely, efficiently, and more sustainably. We are committed to embedding sustainability and inclusion into our operations, our culture, and our.
Salesforce Risk & Compliance Specialist employer: AVEVA Denmark
Contact Detail:
AVEVA Denmark Recruiting Team
StudySmarter Expert Advice
We think this is how you could land Salesforce Risk & Compliance Specialist
Tip Number 1
Network like a pro! Reach out to folks in your industry on LinkedIn or at events. A friendly chat can lead to opportunities that aren't even advertised yet.
Tip Number 2
Prepare for interviews by researching the company and its culture. Tailor your answers to show how your skills align with their needs, especially around compliance and risk management.
Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online platforms. The more comfortable you are speaking about your experience, the better you'll perform.
Tip Number 4
Don't forget to apply through our website! It's the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in joining our team.
Some tips for your application
Tailor Your CV: Make sure your CV is tailored to the Salesforce Risk & Compliance Specialist role. Highlight your experience with risk management, compliance frameworks, and Salesforce governance. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about this role and how your background makes you the perfect fit. Don't forget to mention any relevant certifications or experiences that relate to the job description.
Showcase Your Achievements: When detailing your work experience, focus on specific achievements rather than just duties. Use metrics where possible to demonstrate your impact in previous roles, especially in compliance and risk management areas. We love numbers that tell a story!
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It's super easy, and you'll be able to keep track of your application status. Plus, we love seeing applications come directly from our site!
How to prepare for a job interview at AVEVA Denmark
Know Your Salesforce Inside Out
Make sure you're well-versed in Salesforce governance and compliance features. Brush up on your knowledge of RBAC, encryption, and audit logging. Being able to discuss these topics confidently will show that you're not just familiar with the platform but also understand its security implications.
Understand Regulatory Requirements
Familiarise yourself with global data protection regulations like GDPR and SOX. Be prepared to discuss how these regulations impact Salesforce operations. Showing that you can navigate these complexities will demonstrate your expertise in risk management and compliance.
Prepare for Scenario-Based Questions
Expect questions that ask you to solve hypothetical compliance issues or risk assessments. Think through potential scenarios related to Salesforce and be ready to explain your thought process. This will highlight your problem-solving skills and practical knowledge.
Showcase Your Stakeholder Management Skills
Since this role involves liaising with various teams, be ready to share examples of how you've successfully managed stakeholder relationships in the past. Highlight your communication skills and ability to collaborate across different functions, as this is crucial for the position.