Director, Information Security - Assurance in London

Location: Cambridge, UK

Employment type: Full‑time regular

Previous Experience:

• 10+ years in information security with at least 5 years in a senior role biased towards building audit/assurance capability.
• Proven track record of building and leading assurance or audit teams in complex, international and multi‑stakeholder environments.
• Experience designing and operating controls assurance programmes spanning IT, cloud, and product security domains, with direct exposure to external audit and certification processes (ISO 27001, SOC 2).

The Job:

The Director, Information Security - Assurance leads AVEVA’s Security Assurance function within the central Digital Security organization. The role is accountable for independently testing whether AVEVA’s security controls are operating as designed, providing objective evidence to support risk assurances given to AVEVA leadership and Schneider Electric, and connecting assurance findings directly to the risk register and governance process.

Key Responsibilities:

• Operating as the central second‑line assurance function, providing independent testing and validation of controls across all federated teams.
• Design and lead a continuous controls assurance programme that independently tests whether security controls across all federated teams are operating effectively against policy objectives and centrally defined standards.
• Drive automation to shift from periodic point‑in‑time reviews to ongoing, evidence‑based control monitoring.
• Commission and oversee in‑depth technical assurance activities including penetration testing, configuration reviews, and control effectiveness assessments.
• Own the security evidence library and lead coordination of external audit and certification processes (ISO 27001, SOC 2).
• Identify control weaknesses and coverage gaps across the AVEVA estate, driving remediation tracking through the GRC risk register.
• Provide high‑quality, evidence‑based assurance reporting to the CISO, AVEVA Executive Team, and Schneider Electric Group Security.
• Build and develop a high‑performing Assurance team with a culture of rigour, intellectual curiosity, and continuous improvement.

Skills and Experience:

• Deep expertise in control testing methodologies, assurance frameworks, and security audit practices across ISO 27001, SOC 2, NIST CSF, NIS2, and IEC 62443.
• Strong technical breadth across IT security, cloud security and application security.
• Experience leading leaders is advantageous.
• Experience owning or leading external audit and certification processes (ISO 27001, SOC 2).
• Driving automation in assurance testing and evidence gathering workflows.
• Experience operating in regulated markets with direct exposure to compliance frameworks.
• Excellent assurance reporting skills; able to translate technical findings into clear, evidence‑based risk narratives.

Desired/Preferred:

• Industrial software, OT/ICS security, or technology companies serving critical infrastructure or highly regulated industries.
• Professional certifications: CISSP, CISA, CISM, or ISO 27001 Lead Auditor.

Competencies:

• Adaptable and resilient.
• Practical and logical.
• Self‑motivated and decisive.
• Collaborative and influential.
• Transparent and courageous.
• Curious and growth‑oriented.

UK Benefits:

• Flexible benefits fund
• Emergency leave days
• Adoption leave
• 28 days annual leave (plus bank holidays)
• Pension
• Life cover
• Private medical insurance
• Parental leave
• Education assistance programme

Hybrid Working:

We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office, with an expectation of being on‑site 50% of your working hours to support collaboration and connection.

Equal Opportunity Statement:

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect.