At a Glance
- Tasks: Lead AVEVA's Governance, Risk and Compliance function in a dynamic digital security environment.
- Company: Join a fast-growing software company under Schneider Electric with a collaborative culture.
- Benefits: Enjoy competitive pay, flexible benefits, generous leave, and health perks.
- Other info: Hybrid working model with excellent career growth opportunities.
- Why this job: Make a real impact on security practices while driving innovation and automation.
- Qualifications: 10+ years in information security with strong leadership and GRC expertise.
The predicted salary is between £80,000 and £100,000 per year.
Location: Cambridge, UK
Employment type: Full-time regular
Benefits: Competitive package with an attractive bonus incentive plan, regionally specific benefits ranging from above the norm paid vacation, contributions to retirement investment plans or pensions, insurances and many other memberships and perks designed to enhance the workplace experience, your health, and wellbeing.
Previous Experience: 10+ years in information security with at least 5 years in a senior role biased towards building capability, not just running it. Proven track record of building and leading teams in complex, international and multi-stakeholder environments, with experience reporting security risk to executive leadership and parent company governance structures. Demonstrated ability to drive automation and tooling improvements in GRC workflows to improve program scalability.
The Director, Information Security GRC leads AVEVA’s Governance, Risk and Compliance function within the central Digital Security organization, a key second-line leadership role in AVEVA’s federated security model. This position is accountable for the policies, standards, and governance frameworks that protect AVEVA’s digital estate and products, and for the risk assurances that AVEVA leadership and Schneider Electric require to make informed business decisions. The GRC function must be a genuine enabler of business agility, continuously modernizing through automation and innovation. We are building a highly integrated security practice, where all security disciplines share and act in coordination on risk signal.
The successful candidate must combine broad security experience with GRC expertise and deeply understand how they interact to deliver the trust promise of AVEVA. They will possess a collaborative mindset, with a passion for data-driven, scalable approaches to security and risk management. Operating at a senior level within this specialised field, and as a member of the functional Senior Leadership team, the Director of Security GRC will often be called on to provide consultation to leaders, and counsel to the CISO. They are responsible for generating new theories, concepts, principles, and methodologies and will contribute significantly to the development of policy for the Digital Security function. As a leader of leaders, and with a global team, this individual must establish a culture of performance excellence, ensuring the team deliver on the demands and expectations of the Security practice, in accordance with our values.
Key Responsibilities
- Operating as the central second-line function, the Director sets the standards all federated teams execute against, retains independent oversight and audit rights, and provides joined-up risk governance reporting to the CISO, AVEVA ELT, and Schneider Electric.
- Security Policy: manage the full policy lifecycle in response to evolving threats, regulation, and business context.
- Risk Assessment demonstrated ability to act tactically while innovating next generation solutions.
- Rational empathy; demonstrated experience in aligning security imperatives with the goals and values of the organization.
- Natural collaborator; demonstrated experience delivering joined-up solutions.
- Data literate, automation biased, operationally fluent.
- Excellent risk communication skills.
- Commercial acumen and working knowledge of cloud security, DevSecOps, and Agile delivery practices.
Desired/Preferred
- Industrial software, OT/ICS security, or technology companies serving critical infrastructure or highly regulated industries.
- Working within a large enterprise group security governance structure as a subsidiary security leader.
- Working with AI and machine learning applications in security.
- Professional certifications: CISSP, CISM, CRISC, or ISO 27001 Lead Implementer / Lead Auditor.
- Experience in a federated, matrixed, or multi-subsidiary structure — driving standards across organizational boundaries.
Competencies
- Adaptable and resilient: Thrives in dynamic environments; maintains strategic focus through regulatory change and organisational evolution.
- Practical and logical: Structured thinking with a bias toward pragmatic, implementable solutions.
- Self-motivated and decisive: Comfortable making and owning decisions in ambiguous situations.
- Collaborative and influential: Earns influence through credibility and expertise; builds trusted relationships across federated teams and leadership.
- Transparent and courageous: Surfaces difficult risk findings and brings problems to leadership.
- Curious and growth-oriented: Continuously learning about emerging threats, regulatory change, and improvements in automation and tooling.
Hybrid working
We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office, with an expectation of being on-site 50% of your working hours to support collaboration and connection. Some positions are fully office-based depending on the nature of the work, and certain roles that support specific customers or markets may be remote. The working arrangement for this position will be confirmed during the hiring process.
UK Benefits include:
- Flexible benefits fund
- Emergency leave days
- Adoption leave
- 28 days annual leave (plus bank holidays)
- Pension
- Life cover
- Private medical insurance
- Parental leave
- Education assistance program
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, and credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case‑by‑case basis.
Director, Information Security - GRC employer: AVEVA
AVEVA is an exceptional employer, offering a dynamic work culture that prioritises collaboration and innovation in the field of information security. With a competitive benefits package, including generous vacation time, retirement contributions, and a commitment to employee growth through continuous learning, AVEVA fosters an inclusive environment where diverse talents thrive. Located in Cambridge, UK, employees enjoy a hybrid working model that balances on-site collaboration with flexibility, making it an ideal place for professionals seeking meaningful and rewarding careers.