Vice President Security GRC
AVEVA
- London
- Permanent
- Full-time
- Develop, operate and continuously improve GRC services based on business priorities and strategic objectives.
- Create and maintain an annual operational plan that delivers the GRC service improvements whilst enabling the GRC team to manage their own individual performances and career progression.
- Oversee and where necessary execute periodic organizational and system level risk and impact assessments to identify security risks in a manner that drives AVEVA leaders to invest in risk minimisation efforts.
- Implement, monitor, maintain and continuously improve the adherence and adoption of the AVEVA risk management process in line with the AVEVA corporate governance framework.
- In support of business priorities and strategic objectives, define and report security metrics and KPIs to Security Leadership concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and non-compliance.
- Develop and maintain the Security risk register whilst having the ability to clearly and concisely articulate and aggregate risk positions to differing levels of Stakeholders (technical and non-technical) including ELT/ELC.
- Must hold or have achieved a professional certification in risk and audit such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC).
- Experience of successfully working within a regulated control environment, implementing industry frameworks, GRC services and operations across a global enterprise, including 3rd Party Supply Chain.
- Experience of integrating new regulations into existing GRC services in a timely manner, e.g. NIS, Cyber Resilience Act.
- Effective written and verbal communication skills, especially translating between business and technical terminology and communicating GRC messages using language that is meaningful to recipients.
- Ability to interact with AVEVA stakeholders at all levels of seniority and across all business units and functions, understanding their respective business objectives and values.
- Bachelor’s Degree in Computer Science, Information Systems, Engineering or related technical field.