Director, Information Security - Assurance

Location: Cambridge, UK

Employment type: Full‑time regular

Previous Experience:

• 10+ years in information security with at least 5 years in a senior role biased towards building audit/assurance capability.
• Proven track record of building and leading assurance or audit teams in complex, international and multi‑stakeholder environments.
• Experience designing and operating controls assurance programmes spanning IT, cloud, and product security domains, with direct exposure to external audit and certification processes (ISO 27001, SOC 2).

The Director, Information Security - Assurance leads AVEVA’s Security Assurance function within the central Digital Security organization. The role is accountable for independently testing whether AVEVA’s security controls are operating as designed, providing objective evidence to support risk assurances given to AVEVA leadership and Schneider Electric, and connecting assurance findings directly to the risk register and governance process.

Key Responsibilities:

• Operating as the central second‑line assurance function, providing independent testing and validation of controls across all federated teams.
• Assurance findings feed directly into the GRC risk register and governance process, supporting external audit and certification programmes ensuring AVEVA can evidence its security posture to customers, regulators, and Schneider Electric.
• Design and lead a continuous controls assurance programme that independently tests whether security controls across all federated teams are operating effectively against policy objectives and centrally defined standards.
• Drive automation to shift from periodic point‑in‑time reviews to ongoing, evidence‑based control monitoring.
• Demonstrated ability to act tactically while innovating next generation solutions.
• Rational empathy; demonstrated experience in aligning security imperatives with the goals and values of the organisation.
• Natural collaborator; demonstrated experience delivering joined‑up solutions across security disciplines and with federated partners.
• Data literate, automation biased, operationally fluent.
• Excellent assurance reporting skills; able to translate technical findings into clear, evidence‑based risk narratives for executive, audit, and regulatory audiences.

Desired/Preferred:

• Industrial software, OT/ICS security, or technology companies serving critical infrastructure or highly regulated industries.
• Working within a large enterprise group security governance structure as a subsidiary security leader.
• Working with AI and machine learning applications in security assurance and automated control testing.
• Professional certifications: CISSP, CISA, CISM, or ISO 27001 Lead Auditor.
• Commercial acumen and working knowledge of cloud security, DevSecOps, and Agile delivery practices.
• Experience in a federated, matrixed, or multi‑subsidiary structure.

Competencies:

• Adaptable and resilient: Thrives in dynamic environments; maintains strategic focus through regulatory change and organisational evolution.
• Practical and logical: Structured thinking with a bias toward pragmatic, implementable solutions.
• Self‑motivated and decisive: Comfortable making and owning decisions in ambiguous situations.
• Collaborative and influential: Earns influence through credibility and expertise; builds trusted relationships across federated teams and leadership.
• Transparent and courageous: Surfaces difficult assurance findings and brings problems to leadership without softening the message.
• Curious and growth‑oriented: Continuously learning about emerging threats, evolving control landscapes, and improvements in assurance automation and tooling.

UK Benefits:

• Flexible benefits fund
• Emergency leave days
• Adoption leave
• 28 days annual leave (plus bank holidays)
• Pension
• Life cover
• Private medical insurance
• Parental leave
• Education assistance programme

Hybrid Working: We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office, with an expectation of being on‑site 50% of your working hours to support collaboration and connection. Some positions are fully office‑based depending on the nature of the work, and certain roles that support specific customers or markets may be remote. The working arrangement for this position will be confirmed during the hiring process.

Equal Opportunity Statement: AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case‑by‑case basis.