Empleos actuales relacionados con Vice President, IT Security - Madrid - AVEVA

AVEVA is creating software trusted by over 90% of leading industrial companies. Job Title: Vice President, IT Security Location: Any AVEVA Group location   Employment Type: Full-time regular The job We are seeking a dynamic leader to head Corporate IT Security. This role reports directly to the AVEVA CIO, with a dotted-line reporting relationship to the Group CISO. As Vice President, you will collaborate closely with the Group CISO and Product Security teams to ensure Corporate IT is fully aligned with the enterprise security strategy, as defined by the CISO. The focus is execution within Corporate IT, delivering enforceable standards, control baselines, and reference architectures that 1LOD teams embed across IT delivery. The VP is accountable for executing the enterprise security strategy within Corporate IT as defined by the CISO. The VP owns Corporate IT security risk management and compliance, including policy and standards implementation, operational assurance, reporting with the IT Office, ISO/IEC 27001 implementation, and obligations under NIS2, CRA, and GDPR. The role oversees Corporate IT Digital Security Trust Standards. Leading Security Architecture and Engineering for Corporate IT. This includes secure by design reference architectures, a formal application certification process, and reusable security services such as DLP integrated into CI/CD and infrastructure. The VP runs 24x7 security monitoring for Corporate IT and coordinates for R&D where required. Scope includes vulnerability management, operational threat hunting, continual improvement of detection platforms and playbooks, and end to end incident management. Accountable for Corporate IT data protection and privacy in partnership with Legal and Data Privacy. This includes privacy by design controls, data classification and retention, and governance of internal identity and access management, including high risk access, exceptions, and continuous control monitoring. The VP also leads vendor selection and performance for security services and fosters collaboration across Corporate IT, R&D, Schneider Electric Cyber Security, and business functions to embed security in line with AVEVA priorities and risk appetite. In partnership with the CISO, the VP helps convene a cross-functional forum that brings together security leaders across the function to ensure alignment and cohesive execution. Key Responsibilities Security Strategy & Standards Provide Corporate IT inputs to the enterprise security strategy in collaboration with the CISO and Product Security, ensuring it is cohesive and complete. Execute the enterprise security strategy within Corporate IT, as defined by the CISO, by translating it into enforceable standards, control baselines, and security reference architecture (e.g., Zero Trust, endpoint hardening and disk encryption) in partnership with 1LOD teams. IT Corporate Security – Governance, Risk & Compliance Own Corporate IT Security risk management, ensuring risks are identified, assessed, prioritized, and mitigated. Design and run the Corporate IT Security program across risk assessments, policy and standards rollout, operational compliance, and reporting, in close collaboration with the IT Office for consistent GRC. Lead Corporate IT responses to audits, regulatory inspections, and customer security assurance, ensuring timely remediation. Establish and maintain a centrally managed Corporate IT control environment with clear evidence of compliance and effectiveness, working with the IT Office. Champion accountability and continuous improvement using insights from assurance activities, incidents, and audits. Provide challenge and oversight of 1LOD to ensure controls are well designed and operate effectively and sustainably. Ensure Corporate IT Security GRC requirements are measurable, testable, and aligned to business objectives and stakeholder expectations. Legislative, Regulatory, International Standards & Trust Standards Ensure Corporate IT meets NIS2 and CRA obligations in partnership with Legal and 1LOD, aligning on requirements and timelines. Lead ISO/IEC 27001 for Corporate IT by defining ISMS scope, running gap assessments, funding and tracking remediation, conducting pre audit rehearsals, and issuing independent go or no go recommendations. Lead Corporate IT customer security assurance end to end, from pre contract due diligence to post contract audits, responding to queries and keeping obligations within risk appetite. Own Corporate IT responses to Digital Security Trust Standards, set and deliver the roadmap, and drive continual improvement Internal Identity & Access Management (I-IAM) Set guardrails and standards with 1LOD, challenge designs and changes, and approve time bound exceptions with compensating controls. Run operational assurance including design and effectiveness testing and continuous control monitoring and hold 1LOD accountable. Govern critical and high-risk identity scenarios and run periodic access reviews for high risk applications. Security Architecture Embed security in Corporate IT solution and enterprise architecture from the outset. Maintain reference architectures and blueprints that operationalize secure by design. Operate a formal application certification process including design reviews, threat assessments, and certification before release, aligned to risk appetite and regulatory needs. Security Engineering Build reusable security services, automation, and hardened baselines such as DLP and central logging. Integrate security checks into Corporate IT delivery pipelines and deployments. Ensure security building blocks are easy to consume and well documented for IT and business teams. Security Monitoring, Operations & Incident Management Lead 24x7 monitoring for Corporate IT, coordinating for R&D when required. Activities include vulnerability and exposure management, threat hunting, and detection engineering. Lead Corporate IT incident response end to end, coordinating with 1LOD, business functions, Schneider Electric, the CISO, and R&D on major incidents. Operate and improve central detection platforms such as SIEM and vulnerability scanning and associated playbooks. Run tabletops and purple or red team exercises with the CISO and convert lessons into durable improvements. Data Privacy & Data Loss Prevention (DLP) Partner with Legal and Data Privacy to ensure Corporate IT controls meet GDPR, NIS2, and CRA obligations. Ensure Corporate IT privacy risks are identified and mitigated within risk appetite. Own DLP strategy, implementation, and continuous improvement across Corporate IT and business functions. Work with 1LOD to deploy and integrate DLP and connect alerts to logging and incident workflows. Keep DLP solutions easy to consume and supported. Review effectiveness and adapt to evolving threats and needs. Vendor Management Lead selection, onboarding, and performance management of Corporate IT security products and services. Ensure third party vendors meet AVEVA security, compliance, and operational standards. Collaboration & Influence Build strong relationships with the CIO, Schneider Electric Cyber Security, and leaders across Corporate IT, R&D, and business functions. Act as the bridge between policy and execution for Corporate IT, ensuring security is embedded in every initiative. In partnership with the CISO, convene and participate in a cross‑functional security leadership forum to ensure alignment, continuous feedback, and cohesive execution across security domains. Ideal knowledge and experience 15+ years in IT security, primarily in senior leadership delivering Corporate IT Security in global, complex organizations. Proven, strategic, results driven leader of Corporate IT Security transformations. Demonstrated leadership with ISO/IEC 27001 and directives such as NIS2 in Corporate IT. Experience leading multinational Corporate IT Security teams; CISO exposure advantageous. Deep expertise across SaaS, PaaS, cloud, and data center security. Preferred experience enhancing security in software product and services organizations. Hands on leadership of incident response and resilience with minimal business disruption. Track record building high performing international teams with accountability and continuous improvement. Recognized for governance frameworks that give executives clear visibility of risk, compliance, and priorities. Strong engagement with regulators and customers, able to defend posture and close issues. Excellent C suite communication, translating technical risk into business terms. Strong vendor leadership, building partnerships that strengthen Corporate IT security. Consistent collaboration and continuous improvement aligned to evolving business needs and risk appetite. IT at AVEVA Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high.  We also provide key support for the transformation and modernisation efforts globally. We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members, you will feel part of something special from the first day you join. Find out more: UK Benefits include:   Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus