At a Glance
- Tasks: Lead AVEVA's Security Resilience function, ensuring robust crisis management and business continuity.
- Company: Join a fast-growing software company trusted by top industrial firms.
- Benefits: Enjoy flexible benefits, 28 days annual leave, and a supportive hybrid work environment.
- Other info: Be part of a collaborative culture that values diversity and innovation.
- Why this job: Make a real impact by building resilience capabilities from the ground up.
- Qualifications: 10+ years in information security with strong leadership and crisis management experience.
The predicted salary is between £70,000 and £90,000 per year.
AVEVA is creating software trusted by over 90% of leading industrial companies.
Location: Cambridge | UK
Employment type: Full-time regular
Previous Experience: 10+ years in information security or enterprise risk management, with at least 5 years in a senior role biased towards building resilience capability, not just running it. Experience designing and building crisis management and BCDR programmes in complex, multi-stakeholder environments. A proven track record as a people and/or department leader, with experience serving as an operational coordinator during live crisis or major incident events.
This position leads AVEVA’s newly established Security Resilience function within the central Digital Security organization, a strategic leadership role created to build and advance AVEVA’s capability in crisis management, business continuity, and enterprise-wide resilience. The role holder is accountable for ensuring that AVEVA can withstand, respond to, and recover from disruption, whether from a cyber incident, operational failure, or external crisis event, and that resilience requirements are embedded into AVEVA’s systems and ways of working by design.
AVEVA is a fast-growing software company operating in highly regulated markets and is an independent subsidiary of Schneider Electric. This is a build role: the successful candidate will have the opportunity to establish this function from the ground up, defining the frameworks, tooling, and operating cadence that make AVEVA genuinely resilient at scale. The function must be continuously modernised through automation and innovation, so that resilience practices keep pace with the speed and complexity of AVEVA’s business.
We are building a highly integrated security practice where all security disciplines share and act in coordination on risk signal. The Director of Security Resilience must work closely with Cyber Defence, whose incident response capability depends on resilience planning; with GRC, to ensure resilience risk is captured in the enterprise risk register; and with federated IT and R&D security teams, who own the systems and services that resilience planning protects. The successful candidate will combine deep resilience expertise with a collaborative, data-driven mindset and the drive to build something new.
Operating at a senior level within this specialised field, the Director of Security Resilience will often be called on to provide consultation to leaders and counsel to the wider Security function. They are responsible for generating new theories, concepts, principles, and methodologies and will contribute significantly to the development of policy for the Digital Security function.
Key Responsibilities
- Crisis Management & Response: Maintain and continuously develop AVEVA’s crisis management framework — including playbooks, escalation protocols, and decision-making structures. Lead crisis management exercises and simulations to test preparedness, and serve as the central coordinator during live crisis events, ensuring a structured and controlled response across the organisation.
- Business Continuity & Disaster Recovery: Drive Business Impact Analysis (BIA) and Business Continuity and Disaster Recovery (BCDR) planning across AVEVA — identifying critical systems, processes, and dependencies, and ensuring recovery objectives are clearly defined and achievable. Plan and facilitate regular tabletop exercises to validate plans under realistic conditions and track improvement actions to closure.
- Travel & Event Security: Provide security assessments, advisories, and operational support for staff travel and AVEVA-hosted events. Maintain a travel risk programme that gives AVEVA employees the guidance and support they need to operate safely, and ensure that event security requirements are assessed and addressed ahead of time.
- Resilience by Design: Ensure resilience requirements are built into new systems, platforms, and products at the design stage, not retrofitted after the fact. Work with IT Security, R&D Security, and technology teams to define and validate recovery objectives for critical digital assets and services, and confirm that backup and recovery procedures work under realistic conditions.
- Capability Building & Programme Maturity: Build the Security Resilience function from its foundation, establishing operating processes, tooling, and metrics that enable the programme to scale. Drive automation in resilience workflows, develop a clear maturity roadmap, and report programme progress to the CISO and AVEVA leadership. Ensure resilience risk is surfaced clearly in the GRC risk register and governance structures.
- People and Functional Leadership: Build and develop a high-performing Security Resilience team with a culture of preparedness, intellectual curiosity, and continuous improvement. Set clear objectives, invest in professional development, and act as a visible advocate for the Resilience function across AVEVA and Schneider Electric. Act as an assured leader of both direct and indirect reports to drive strategic alignment and output, setting and maintaining high standards as a member of the Digital Security Senior Leadership Team. Demonstrate the ability to navigate ambiguity and make tough decisions, ranging from structural re-organizations to talent optimization, while maintaining team morale, transparency, and a people-first culture in accordance with AVEVA’s values.
Skills and Experience
- 10+ years in information security or enterprise risk management, with at least 5 years in a senior role biased towards building resilience capability, not just running it.
- Expertise in crisis management, business continuity, and disaster recovery frameworks and methodologies (e.g., ISO 22301, NIST SP 800-34, BS 11200).
- Strong understanding of how resilience connects to the broader security model, particularly the relationship between resilience planning, incident response, and enterprise risk governance.
- Experience designing and building crisis management and BCDR programmes in complex, multi-stakeholder environments.
- A proven track record as a people and/or department leader, preferably having led managers or a significant team. Experience leading in a regional or global setting is advantageous.
- Experience serving as an operational coordinator during live crisis or major incident events, working across organisational functions under incident pressure.
- Reporting resilience risk and programme maturity to executive leadership and parent company governance structures.
- Driving automation and tooling improvements in resilience workflows to improve programme scalability and reduce dependency on manual processes.
- Experience operating in regulated markets, with awareness of resilience-related regulatory obligations (e.g., NIS2, DORA, ISO 22301).
- Execution bias; demonstrated ability to build programmes from the ground up while simultaneously managing day-to-day resilience operations.
- Rational empathy; demonstrated experience aligning resilience and continuity imperatives with the operational realities and priorities of the business.
- Natural collaborator; demonstrated experience coordinating across security, technology, and business functions to deliver joined-up resilience outcomes.
- Data literate, automation biased, operationally fluent, able to design scalable, tooling-driven resilience programmes that evolve beyond manual processes.
- Excellent communication skills; able to present complex resilience scenarios, risk trade-offs, and recovery plans clearly to executive and board audiences.
Desired/Preferred
- Industrial software, OT/ICS environments, or technology companies serving critical infrastructure.
- Working within a large enterprise group resilience or security governance structure as a subsidiary leader, with accountability to a parent company.
- Working with AI and machine learning applications in resilience; for example, predictive risk modelling, automated scenario planning, or real-time recovery monitoring.
- Professional certifications: CBCP (Certified Business Continuity Professional), ISO 22301 Lead Implementer, CISSP, or equivalent.
- Commercial acumen and working knowledge of cloud-native resilience patterns, DevSecOps, and modern software delivery practices.
Competencies
- Adaptable and resilient: Thrives in dynamic environments; maintains strategic focus through regulatory change and organisational evolution.
- Practical and logical: Structured thinking with a bias toward pragmatic, implementable solutions.
- Self-motivated and decisive: Comfortable making and owning decisions in ambiguous situations.
- Collaborative and influential: Earns influence through credibility and expertise; builds trusted relationships across federated teams and leadership.
- Transparent and courageous: Surfaces difficult resilience gaps and crisis findings; brings problems to leadership without softening the message.
- Curious and growth-oriented: Continuously learning about emerging threats, evolving resilience practices, and improvements in automation and crisis management tooling.
Digital Security at AVEVA
Our Digital Security organization is responsible for protecting AVEVA’s digital estate and products across a federated security model. We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose are evident when talking to team members; you will feel part of something special from the first day you join.
UK Benefits include: Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program. It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Hybrid working
We work in a hybrid way at AVEVA. Most roles are based at a local AVEVA office, with an expectation of being on-site 50% of your working hours to support collaboration and connection. Some positions are fully office-based depending on the nature of the work, and certain roles that support specific customers or markets may be remote. The working arrangement for this position will be confirmed during the hiring process.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.
Director, Security Resilience in London employer: AVEVA
AVEVA is an exceptional employer, offering a dynamic work environment in Cambridge where innovation and collaboration thrive. With a strong commitment to employee growth, AVEVA provides comprehensive benefits, including flexible working arrangements, professional development opportunities, and a culture that values diversity and inclusion. As a leader in the industrial software sector, employees have the unique chance to shape the future of security resilience while being part of a supportive team that prioritises well-being and continuous improvement.
StudySmarter Expert Advice🤫
We think this is how you could land Director, Security Resilience in London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including AVEVA, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through AVEVA
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at AVEVA. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects (be it CTF challenges, security assessments, or research papers), include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at AVEVA insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to AVEVA that you’re committed to staying ahead in the game.
How to prepare for a job interview at AVEVA
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at AVEVA to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at AVEVA.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.