AVEVA

Global Risk & Compliance Lead

full-time

Location Type: Hybrid

Location: Cambridge • 🇬🇧 United Kingdom

Job Level

Senior

Tech Stack

Cyber Security

About the role

  • Define and maintain global compliance and risk frameworks for Salesforce implementation and operations
  • Document control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g., critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews)
  • Project-manage dependencies on other teams, such as timely Joiner-Mover-Leaver (JML) feeds from HR, and access reviews by Business Owners
  • Conduct risk assessments to identify, evaluate, and mitigate risks related to Salesforce data, processes, and integrations
  • Develop controls to ensure compliance with internal policies and external regulations
  • Ensure Salesforce configuration and operations comply with global and regional regulations (e.g., GDPR, SOX)
  • Tighten RBAC structures by reviewing and documenting roles, permissions, and access controls, ensuring least privilege and periodic reviews
  • Collaborate with IT Security to design and enforce secure Salesforce configurations (SSO, MFA, RBAC, encryption)
  • Prepare for and respond to cybersecurity incidents within Sales Enablement scope, driving internal innovation to define best practices for securing the domain
  • Define audit-ready processes and provide evidence of compliance for internal and external audits
  • Establish monitoring, logging, and reporting mechanisms for ongoing compliance validation

Requirements

  • ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA), or Certified Information System Manager (CISM), or Certified Governance of Enterprise IT (CGEIT)
  • 5+ years of experience in risk, compliance, or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations
  • Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001)
  • Salesforce certifications (e.g., Salesforce Administrator, Security & Privacy Specialist)
  • Proven track record in implementing risk and compliance programs across multiple geographies
  • Experience with Salesforce security and compliance features, including Shield, encryption, access controls, and audit logging
  • Experience estimating costs of remediation activities / projects, split by one-off vs recurring costs
  • Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements
  • Ability to document and coach others on business process and system mapping, including RBAC structures
  • MS Office, especially MS Outlook, Excel, PowerPoint, and SharePoint; analytics skills an advantage
  • Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response) and Policy directives (e.g., govern, protect, detect)

Benefits

  • Flexible benefits fund
  • Emergency leave days
  • Adoption leave
  • 28 days annual leave (plus bank holidays)
  • Pension
  • Life cover
  • Private medical insurance
  • Parental leave
  • Education assistance program

Applicant Tracking System Keywords

Hard skills

  • Salesforce
  • risk assessments
  • compliance frameworks
  • data protection regulations
  • RBAC structures
  • audit logging
  • encryption
  • project management
  • cost estimation
  • business process mapping

Soft skills

  • collaboration
  • coaching
  • documentation
  • communication
  • innovation

Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified Information System Manager (CISM)
  • Certified Governance of Enterprise IT (CGEIT)
  • Salesforce Administrator
  • Security & Privacy Specialist