Job Details
Job Title: Vice President, IT Security
Location: Any AVEVA Group location
Employment Type: Full-time regular
Overview
AVEVA is creating software trusted by over 90% of leading industrial companies. We are seeking a dynamic leader to head Corporate IT Security. This role reports directly to the AVEVA CIO, with a dotted-line reporting relationship to the Group CISO. The Vice President will collaborate closely with the Group CISO and Product Security teams to ensure Corporate IT is fully aligned with the enterprise security strategy, as defined by the CISO.
The focus is execution within Corporate IT, delivering enforceable standards, control baselines, and reference architectures that 1LOD teams embed across IT delivery. The VP is accountable for executing the enterprise security strategy within Corporate IT as defined by the CISO.
The VP owns Corporate IT security risk management and compliance, including policy and standards implementation, operational assurance, reporting with the IT Office, ISO / IEC 27001 implementation, and obligations under NIS2, CRA, and GDPR. The role oversees Corporate IT Digital Security Trust Standards.
The VP leads Security Architecture and Engineering for Corporate IT, including secure-by-design reference architectures, a formal application certification process, and reusable security services such as DLP integrated into CI / CD and infrastructure.
The VP runs 24x7 security monitoring for Corporate IT and coordinates for R&D where required. Scope includes vulnerability management, operational threat hunting, continual improvement of detection platforms and playbooks, and end-to-end incident management.
The VP is accountable for Corporate IT data protection and privacy in partnership with Legal and Data Privacy, including privacy-by-design controls, data classification and retention, and governance of internal identity and access management, including high-risk access, exceptions, and continuous control monitoring.
The VP also leads vendor selection and performance for security services and fosters collaboration across Corporate IT, R&D, Schneider Electric Cyber Security, and business functions to embed security in line with AVEVA priorities and risk appetite.
Key Responsibilities
Security Strategy & Standards
* Provide Corporate IT inputs to the enterprise security strategy in collaboration with the CISO and Product Security, ensuring it is cohesive and complete.
* Execute the enterprise security strategy within Corporate IT, as defined by the CISO, by translating it into enforceable standards, control baselines, and security reference architecture (e.g., Zero Trust, endpoint hardening and disk encryption) in partnership with 1LOD teams.
IT Corporate Security – Governance, Risk & Compliance
* Own Corporate IT Security risk management, ensuring risks are identified, assessed, prioritized, and mitigated.
* Design and run the Corporate IT Security program across risk assessments, policy and standards rollout, operational compliance, and reporting, in close collaboration with the IT Office for consistent GRC.
* Lead Corporate IT responses to audits, regulatory inspections, and customer security assurance, ensuring timely remediation.
* Establish and maintain a centrally managed Corporate IT control environment with clear evidence of compliance and effectiveness, working with the IT Office.
* Champion accountability and continuous improvement using insights from assurance activities, incidents, and audits.
* Provide challenge and oversight of 1LOD to ensure controls are well designed and operate effectively and sustainably.
* Ensure Corporate IT Security GRC requirements are measurable, testable, and aligned to business objectives and stakeholder expectations.
Legislative, Regulatory, International Standards & Trust Standards
* Ensure Corporate IT meets NIS2 and CRA obligations in partnership with Legal and 1LOD, aligning on requirements and timelines.
* Lead ISO / IEC 27001 for Corporate IT by defining ISMS scope, running gap assessments, funding and tracking remediation, conducting pre-audit rehearsals, and issuing independent go / no-go recommendations.
* Lead Corporate IT customer security assurance end to end, from pre-contract due diligence to post-contract audits, responding to queries and keeping obligations within risk appetite.
* Own Corporate IT responses to Digital Security Trust Standards, set and deliver the roadmap, and drive continual improvement.
Internal Identity & Access Management (I-IAM)
* Set guardrails and standards with 1LOD, challenge designs and changes, and approve time-bound exceptions with compensating controls.
* Run operational assurance including design and effectiveness testing and continuous control monitoring and hold 1LOD accountable.
* Govern critical and high-risk identity scenarios and run periodic access reviews for high-risk applications.
Security Architecture
* Embed security in Corporate IT solution and enterprise architecture from the outset.
* Maintain reference architectures and blueprints that operationalize secure by design.
* Operate a formal application certification process including design reviews, threat assessments, and certification before release, aligned to risk appetite and regulatory needs.
Security Engineering
* Build reusable security services, automation, and hardened baselines such as DLP and central logging.
* Integrate security checks into Corporate IT delivery pipelines and deployments.
* Ensure security building blocks are easy to consume and well documented for IT and business teams.
Security Monitoring, Operations & Incident Management
* Lead 24x7 monitoring for Corporate IT, coordinating for R&D when required. Activities include vulnerability and exposure management, threat hunting, and detection engineering.
* Lead Corporate IT incident response end to end, coordinating with 1LOD, business functions, Schneider Electric, the CISO, and R&D on major incidents.
* Operate and improve central detection platforms such as SIEM and vulnerability scanning and associated playbooks.
* Run table-top exercises and purple or red team exercises with the CISO and convert lessons into durable improvements.
Data Privacy & Data Loss Prevention (DLP)
* Partner with Legal and Data Privacy to ensure Corporate IT controls meet GDPR, NIS2, and CRA obligations.
* Ensure Corporate IT privacy risks are identified and mitigated within risk appetite.
* Own DLP strategy, implementation, and continuous improvement across Corporate IT and business functions.
* Work with 1LOD to deploy and integrate DLP and connect alerts to logging and incident workflows.
* Keep DLP solutions easy to consume and supported. Review effectiveness and adapt to evolving threats and needs.
Vendor Management
* Lead selection, onboarding, and performance management of Corporate IT security products and services.
* Ensure third party vendors meet AVEVA security, compliance, and operational standards.
Collaboration & Influence
* Build strong relationships with the CIO, Schneider Electric Cyber Security, and leaders across Corporate IT, R&D, and business functions.
* Act as the bridge between policy and execution for Corporate IT, ensuring security is embedded in every initiative.
* In partnership with the CISO, convene and participate in a cross-functional security leadership forum to ensure alignment, continuous feedback, and cohesive execution across security domains.
Ideal knowledge and experience
* 15+ years in IT security, primarily in senior leadership delivering Corporate IT Security in global, complex organizations.
* Proven, strategic, results-driven leader of Corporate IT Security transformations.
* Demonstrated leadership with ISO / IEC 27001 and directives such as NIS2 in Corporate IT.
* Experience leading multinational Corporate IT Security teams; CISO exposure advantageous.
* Deep expertise across SaaS, PaaS, cloud, and data center security.
* Preferred experience enhancing security in software product and services organizations.
* Hands-on leadership of incident response and resilience with minimal business disruption.
* Track record building high-performing international teams with accountability and continuous improvement.
* Recognized for governance frameworks that give executives clear visibility of risk, compliance, and priorities.
* Strong engagement with regulators and customers, able to defend posture and close issues.
* Excellent C-suite communication, translating technical risk into business terms.
* Strong vendor leadership, building partnerships that strengthen Corporate IT security.
* Consistent collaboration and continuous improvement aligned to evolving business needs and risk appetite.
About AVEVA & Benefits
Our global team of 300+ IT professionals supports AVEVA operations and transformation efforts. We nurture a collaborative, inclusive and authentic culture with autonomy and guidance. AVEVA offers a flexible benefits fund and comprehensive packages that vary by country.
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Applicants are invited to submit a cover letter and CV through our application portal. We are committed to recruiting and retaining people with disabilities and will provide reasonable support during the process if requested.
Find out more at AVEVA official site.