
Director, Information Security - GRC

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: AVEVA
Full Time position
Listed on 2026-06-20
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly
Location: Greater London

Job Title: Director, Information Security GRC

Location: Cambridge, UK

Employment type: Full-time regular

Benefits: Competitive package with an attractive bonus incentive plan, regionally specific benefits ranging from above the norm paid vacation, contributions to retirement investment plans or pensions, insurances and many other memberships and perks designed to enhance the workplace experience, your health, and wellbeing.

Previous Experience:

10+ years in information security with at least 5 years in a senior role biased towards building capability not just running it. Proven track record of building and leading teams in complex, international and multi-stakeholder environments, with experience reporting security risk to executive leadership and parent company governance structures. Demonstrated ability to drive automation and tooling improvements in GRC workflows to improve program scalability.

The Director, Information Security GRC leads AVEVA’s Governance, Risk and Compliance function within the central Digital Security organization, a key second-line leadership role in AVEVA’s federated security model. This position is accountable for the policies, standards, and governance frameworks that protect AVEVA’s digital estate and products, and for the risk assurances that AVEVA leadership and Schneider Electric require to make informed business decisions.

AVEVA is a fast-growing software company operating in highly regulated markets and is an independent subsidiary of Schneider Electric. The GRC function must be a genuine enabler of business agility, continuously modernizing through automation and innovation.

We are building a highly integrated security practice, where all security disciplines share and act in coordination on risk signal. The successful candidate must combine broad security experience with GRC expertise and deeply understand how they interact to deliver the trust promise of AVEVA. They will possess a collaborative mindset, with a passion for data-driven, scalable approaches to security and risk management.

Operating at a senior level within this specialised field, and as a member of the functional Senior Leadership team, the Director of Security GRC will often be called on to provide consultation to leaders, and counsel to the CISO. They are responsible for generating new theories, concepts, principles, and methodologies and will contribute significantly to the development of policy for the Digital Security function.

As a leader of leaders, and with a global team, this individual must establish a culture of performance excellence, ensuring the team deliver on the demands and expectations of the Security practice, in accordance with our values.

Key Responsibilities

Operating as the central second-line function, the Director sets the standards all federated teams execute against, retains independent oversight and audit rights, and provides joined-up risk governance reporting to the CISO, AVEVA ELT, and Schneider Electric.

Security Policy & Standards
  • Define and maintain AVEVA’s security policy framework aligned to ISO 27001, NIS2, IEC 62443, and contractual obligations.
  • Set centralised standards for control design and assurance testing across all federated teams; manage the full policy lifecycle in response to evolving threats, regulation, and business context.
Risk Assessment & Governance
  • Own the enterprise security risk register and operate governance processes, including regular reporting to the AVEVA Executive Team and Schneider Electric Group Security.
  • Engage business owners in risk treatment decisions and deliver transparent, defensible risk reporting that enables leadership to make informed decisions.
Third Party Risk Management
  • Lead the TPRM programme — assessing the security posture of suppliers, SaaS platforms, and technology partners.
  • Integrate risk gates into procurement decisions and drive automation to scale the programme efficiently.
Programme Management & Maturity
  • Lead the Security PMO, coordinating investment and improvement initiatives to advance programme maturity.
  • Maintain a transparent security roadmap and actively identify opportunities to automate GRC workflows to increase…