Director, Information Security - Assurance

Job Title

Director, Information Security
- Assurance

Cambridge, UK

Full‑time regular

10+ years in information security with at least 5 years in a senior role biased towards building audit/assurance capability, not just running it. Proven track record of building and leading assurance or audit teams in complex, international and multi‑stakeholder environments. Experience designing and operating controls assurance programmes spanning IT, cloud, and product security domains, with direct exposure to external audit and certification processes (ISO 27001, SOC
2).

The Director, Information Security
- Assurance leads AVEVA’s Security Assurance function within the central Digital Security organization. The role is accountable for independently testing whether AVEVA’s security controls are operating as designed, providing objective evidence to support risk assurances given to AVEVA leadership and Schneider Electric, and connecting assurance findings directly to the risk register and governance process.

Operating as the central second‑line assurance function, the Director provides independent testing and validation of controls across all federated teams. Assurance findings feed directly into the GRC risk register and governance process, supporting external audit and certification programmes ensuring AVEVA can evidence its security posture to customers, regulators, and Schneider Electric.

• Design and lead a continuous controls assurance programme that independently tests whether security controls across all federated teams are operating effectively against policy objectives and centrally defined standards.
• Drive automation to shift from periodic point‑in‑time reviews to ongoing, evidence‑based control monitoring.

• Commission and oversee in‑depth technical assurance activities including penetration testing, configuration reviews, and control effectiveness assessments.
• Provide objective, evidence‑based findings across the AVEVA digital estate — covering IT, cloud, product, and R&D environments.

• Own the security evidence library and lead coordination of external audit and certification processes (ISO 27001, SOC
  2).
• Leverage proactive assurance activity to build continuous audit readiness rather than reactive preparation, reusing assurance evidence to reduce duplication of effort.

• Identify control weaknesses and coverage gaps across the AVEVA estate, including areas where controls are under‑deployed, misconfigured, or ineffective against the threat landscape.
• Drive remediation tracking through the GRC risk register and report progress to the CISO and leadership.

• Provide high‑quality, evidence‑based assurance reporting to the CISO, AVEVA Executive Team, and Schneider Electric Group Security.
• Translate technical findings into clear, actionable risk insight that directly informs governance decisions and the enterprise risk register.

• Build and develop a high‑performing Assurance team with a culture of rigour, intellectual curiosity, and continuous improvement.
• Set clear objectives, invest in professional development, and act as a visible advocate for the Assurance function across AVEVA and Schneider Electric.
• Lead both direct reports and indirects to drive strategic alignment and output, setting and maintaining high standards as a member of the Digital Security Senior Leadership Team.
• Navigate ambiguity and make tough decisions—ranging from structural re‑organisations and budgetary choices to talent optimisation—while maintaining team morale, transparency, and a people‑first culture in accordance with AVEVA’s values.

• 10+ years in information security with at least 5 years in a senior role biased towards building audit/assurance capability.
• Deep expertise in control testing methodologies, assurance frameworks, and security audit practices across ISO 27001, SOC 2, NIST CSF, NIS2, and IEC 62443.
• Strong technical breadth across IT security, cloud security and application…