Salesforce Global Risk & Compliance Lead in London

We are seeking a highly experienced Global Risk & Compliance Lead to oversee risk management, security, and compliance for our Sales Enablement platforms, primarily focused on Salesforce. This role is responsible for ensuring that Salesforce solutions meet global regulatory requirements, align with enterprise risk frameworks, and maintain the highest standards of data protection, security, and governance. Reporting to the Sales Enablement Domain Director with a dotted line to the Head of IT GRC, this position collaborates closely with Sales Enablement teams to document control designs, organize evidence collection, manage dependencies (e.g., JML feeds from HR, access reviews by Business Owners), and strengthen Role-Based Access Control (RBAC) structures. The key objective is to ensure compliance with Sarbanes-Oxley (SOX) requirements, implement controls from the Crown Jewel Security Playbook (e.g., risk assessments, access reviews, patching, backups), and satisfy the Crown Jewel Security Policy by protecting critical assets through governance, identification, protection, detection, response, and recovery measures. The ideal candidate will bring deep expertise in compliance, risk management, and Salesforce governance, with the ability to work with globally distributed teams and collaborate across business, legal, and technology functions.

Responsibilities

• Define and maintain global compliance and risk frameworks for Salesforce implementation and operations.
• Document control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g., critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews).
• Project manage dependencies on other teams, such as timely Joiner-Mover-Leaver (JML) feeds from HR and access reviews by Business Owners.
• Conduct risk assessments to identify, evaluate, and mitigate risks related to Salesforce data, processes, and integrations.
• Develop controls to ensure compliance with internal policies and external regulations.
• Ensure Salesforce configuration and operations comply with global and regional regulations (e.g., GDPR, SOX).
• Tighten RBAC structures by reviewing and documenting roles, permissions, and access controls, ensuring least privilege and periodic reviews.
• Collaborate with IT Security to design and enforce secure Salesforce configurations (SSO, MFA, RBAC, encryption).
• Ensure proper segregation of duties and implement internal controls within Salesforce.
• Oversee third-party application and integration risk assessments.
• Prepare for and respond to cybersecurity incidents within Sales Enablement scope, driving internal innovation to define best practices for securing the domain.
• Mitigate cybersecurity risks generated by Sales Enablement activities, ensuring policies are applied and critical assets (Crown Jewels) are protected.
• Define audit-ready processes and provide evidence of compliance for internal and external audits.
• Establish monitoring, logging, and reporting mechanisms for ongoing compliance validation.
• Ensure SOX compliance by gathering timely evidence of control operation and proactively preparing audit responses.
• Measure compliance with IT policies, set KPIs, and initiate activities to close gaps, preparing submissions for audits and the Executive Risk Committee.
• Implement continuous improvement to address findings from audits and risk reviews.
• Act as a key liaison between compliance, security, business, and Salesforce program leadership.
• Provide guidance and training to Salesforce admins, developers, and business stakeholders on compliance best practices.
• Act as the Digital Risk representative for the domain interacting with other relevant GRC teams as required.
• Keep up-to-date with Salesforce releases, platform changes, and emerging technologies to ensure our performance strategy remains cutting-edge.

Skills & Qualifications

• ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA), Certified Information System Manager (CISM), or Certified Governance of Enterprise IT (CGEIT).
• 5+ years of experience in risk, compliance, or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations.
• Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001).
• Salesforce certifications (e.g., Salesforce Administrator, Security & Privacy Specialist).
• Proven track record in implementing risk and compliance programs across multiple geographies.
• Experience with Salesforce security and compliance features, including Shield, encryption, access controls, and audit logging.
• Experience estimating costs of remediation activities/projects, split by one-off vs recurring costs.
• Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements.
• Ability to document and coach others on business process and system mapping, including RBAC structures.
• MS Office, especially MS Outlook, Excel, PowerPoint, and SharePoint; analytics skills an advantage.
• Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response) and Policy directives (e.g., govern, protect, detect).
• Excellent communication, stakeholder management, and leadership skills.

Desired Skills

• Experience leading compliance efforts in multi-cloud Salesforce environments (Sales Cloud, Service Cloud, Marketing Cloud, etc.).

UK Benefits

• Flexible benefits fund
• Emergency leave days
• Adoption leave
• 28 days annual leave (plus bank holidays)
• Pension
• Life cover
• Private medical insurance
• Parental leave
• Education assistance program

It's possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Hybrid working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

About AVEVA

AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably. We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy.

Background checks

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

Equal Opportunity Employer

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case‐by‐case basis.