RIB · 1 day ago

Director, Information Security - GRC

Hybrid · London, England, United Kingdom or Cambridge, England, United Kingdom

Type: Full Time
Level: Senior Level
Education: Not Specified
Company size: Large
Industry: Construction Software

Job Summary

The Director leads AVEVA’s Governance, Risk and Compliance function within the central Digital Security organization. This is a senior leadership role accountable for the security policy framework aligned to ISO 27001, NIS2, and IEC 62443, and for risk governance reporting to executive leadership and parent governance structures. The Director is responsible for building and leading a global GRC team, driving automation in GRC workflows to scale programs, and providing consultation to senior leaders. Key duties include owning the enterprise security risk register, managing third-party risk (TPRM), leading the Security PMO, ensuring regulatory compliance (ISO 27001, SOC 2) and monitoring regulatory changes, and shaping policy, standards, and governance across federated teams. The role requires 10+ years in information security with at least 5 years in a senior, capability-building role, strong leadership, and experience in regulated markets. Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Lead Auditor are preferred. The role offers hybrid work with a local office presence in the UK (Cambridge or London) and may involve occasional on-site collaboration. The package includes a competitive bonus, comprehensive benefits, and a focus on sustainable and inclusive practices.
