Principal Specialist, Security GRC (1-year Fixed Term)

AVEVA

Derry/Londonderry

On-site

GBP 60,000 - 90,000

Full time

25 days ago

Job summary

AVEVA is seeking a Principal Specialist in Security GRC for a 1-year fixed-term role. This position involves shaping security governance and compliance capabilities, engaging with stakeholders, and implementing security policies. The ideal candidate will have extensive experience in security governance, risk management, and regulatory compliance.

Benefits

Flexible benefits fund
Emergency leave
28 days annual leave plus bank holidays
Private medical insurance
Education assistance

Qualifications

  • 7+ years relevant work experience in security governance, risk, and compliance.
  • Experience in a regulated environment, advising on major legislation like GDPR.
  • Significant experience in developing and implementing security policies.

Responsibilities

  • Implement Security Policy & Standards across the organization.
  • Manage Security Risk Management & Assurance services.
  • Engage with stakeholders to embed security risk practices.

Skills

Organizational Skills
Communication Skills
Decision-making
Problem-solving

Job description

AVEVA is creating software trusted by over 90% of leading industrial companies.

Job Title:

Principal Specialist, Security GRC


Location:

Cambridge, London, Derry/Londonderry, United Kingdom


Employment Type:

Full-time, 1-year Fixed Term


The job

AVEVA is a global leader in industrial software, driving digital transformation and sustainability. By connecting the power of information and artificial intelligence with human insight, AVEVA enables teams to use their data to unlock new value. We call this Performance Intelligence. AVEVA’s comprehensive portfolio enables more than 20,000 industrial enterprises to engineer smarter, operate better and drive sustainable efficiency. AVEVA supports customers through a trusted ecosystem that includes 5,500 partners and 5,700 certified developers around the world. The company is headquartered in Cambridge, UK, with over 6,500 employees and ninety offices in over forty countries. Learn more at www.aveva.com.


We take pride in our core values and the diversity of our people, valuing the unique experience and expertise that people from diverse backgrounds bring to our business. At AVEVA, we are all about Limitless possibilities. Are you?


The Principal Specialist, Security GRC is a 1-year fixed-term employee position, a critical role in shaping and establishing AVEVA’s 2nd Line of Defence Security Governance, Risk and Compliance capabilities and services.


This role will be responsible for providing insightful knowledge and actionable recommendations to achieve AVEVA’s target operating model for security GRC and increase the maturity of existing processes and systems.


The post holder will be expected to quickly integrate into the team and proactively engage with stakeholders across the business, from technical SMEs to business leadership. They will need to work independently and be able to prioritize their time across multiple projects and engagements.

Key Responsibilities
  1. Implementation of Security Policy & Standards. Provide subject matter expert knowledge and support on developing policy, standards, and exemption services to enable controls and supporting control practices to be embedded and optimized across the organization. Includes optimization of underpinning risk and control indicators.
  2. Implementation of Security Risk Management & Assurance. Provide subject matter expert knowledge on developing security risk management and risk assurance services that enable effective, data-driven risk management and reporting across operations. This includes the capability to monitor and report the effectiveness of risk management within the product development lifecycle and supply chain.
  3. Implementation of Supply Chain Security Risk Management. Provide subject matter expert knowledge to build and optimize the supply chain security risk management service to enable effective management of supplier security risks across the organization. Collaborate with supply chain partners to shape procurement, legal, digital, and other business practices to identify and mitigate supply chain security risks.
  4. Stakeholder Engagement. Build and maintain trusted relationships with stakeholders to embed security risk practices into operational activities. Provide guidance and thought leadership on risk best practices and assurance to both technical and non-technical stakeholders.
Essential Requirements
  • Experience. Preferably 7+ years relevant work experience in security governance, risk, and compliance, with at least 3 years in a senior expert or managerial role. Experience in a software publishing or internet business is preferable.
  • Governance. Significant experience in developing, implementing, and optimizing security policies, standards, and control sets to enable effective adoption across organizational departments and teams.
  • Risk Management and Assurance. Extensive understanding of using threat, security control performance, and business operations to independently assess residual security risks based on business processes, including product development lifecycle and supply chain.
  • Regulatory Compliance. Experience working within a regulated environment, advising on major legislation and regulations relevant to security, such as GDPR, NIS2, and other cross-border data privacy rules.
Desired Skills
  • Organizational Skills. Skilled in managing multiple tasks within deadlines while managing stakeholder expectations.
  • Communication Skills. Excellent verbal and written communication skills, capable of conveying complex information clearly to diverse audiences.
  • Decision-making. Skilled in tactical decision-making with organizational impact.
  • Problem-solving. Able to address operational challenges quickly, deconstruct complex problems into understandable and executable solutions for business and digital teams.
Digital Security at AVEVA

Our Digital Security team protects AVEVA’s digital assets and supports our move to the cloud. As cyber threats grow, our role becomes increasingly vital. If you’re passionate about cybersecurity and a collaborative problem solver, you’ll find fulfillment here.

Find out more: https://www.aveva.com/en/about/careers/

UK Benefits include:

Flexible benefits fund, emergency leave, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance. Benefits vary by country but are similarly comprehensive.

Find out more: aveva.com/en/about/careers/benefits/

Hybrid working

Employees are expected to be in their local AVEVA office three days a week; some roles are fully office-based or remote depending on the position.

Hiring process

Interested? Submit your cover letter and CV through our application portal. We are committed to inclusive hiring and providing reasonable accommodations for applicants with disabilities.

About AVEVA

Global leader in industrial software with over 6,500 employees worldwide, serving industries like energy, infrastructure, chemicals, and minerals. Committed to sustainability and inclusion. Learn more at sustainability-report.aveva.com/

All applicants must undergo drug screening and background checks as per local laws.

AVEVA is an Equal Opportunity Employer, fostering an inclusive culture that values diversity and respect. Reasonable accommodations are provided where needed.
