
Senior Security Assurance Analyst

Salary undisclosed

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

Job Name: Senior Security Assurance Analyst

Organization/department: Global Security Operation, AVEVA Security

Reports to: Head of Red Team & Security Assurance

Job Overview

This role is responsible for ensuring the security and resilience of the organization's information systems by conducting comprehensive risk assessments, managing security monitoring processes, and ensuring compliance with relevant regulations and industry standards. The ideal candidate will have extensive experience in cybersecurity, strong analytical skills, and the ability to work collaboratively across different departments.

Roles And Responsibilities

Primary Duties

  • Conduct comprehensive risk assessments to identify potential security vulnerabilities within the organization's systems, applications, and processes.
  • Review the findings from the Red Team's security assessments and evaluate the associated risks within the context of the NIST Cybersecurity Framework.
  • Conduct security reviews for new software requests to ensure they meet the organization's security standards and policies.
  • Develop and maintain the security assurance framework, scope, and guidelines to ensure the organization's compliance with industry standards and regulatory requirements.
  • Collaborate with the Governance, Risk and Compliance (GRC) team to conduct comprehensive security reviews of third-party suppliers and vendors.
  • Coordinate and track assurance activities, reporting and escalating issues to ensure timely resolution.
  • Assess the effectiveness of existing security measures in mitigating risks and protecting assets.
  • Produce and maintain a security assurance reporting dashboard for the senior management team.
  • Monitor and manage compliance with technical standards and baselines through automated scanning and in-depth reviews.
  • Collaborate with AVEVA’s Digital Forensic & Incident Response Team to improve detection and response capabilities.
  • Collaborate with AVEVA's Security Operations Team to propose defensive improvements to AVEVA’s environments.
  • Collaborate with AVEVA’s Cyber Threat Intelligence & Hunting Team to provide adversarial-perspective input and prioritise ongoing and future Red Team engagements.
  • Collaborate with AVEVA’s Governance, Risk and Compliance (GRC) Team to propose process and policy enhancements and additions.
  • Collaborate with AVEVA’s Vulnerability Management Team to prioritise remediation, mitigation, and exploitable vulnerability findings & severity.
  • Collaborate with AVEVA’s Security Engagement Team to communicate information security policies, processes, and procedures across the business.
  • Produce and maintain AVEVA Security Assurance documents to ensure these align with AVEVA vision and maturity plan.
  • Report to the Head of Red Team & Security Assurance on the security assurance area, security events & trends, residual risk, vulnerabilities, and other security exposures.

Additional Duties

Under the guidance of the Head of Red Team & Security Assurance:

  • Participate in the selection, implementation, and maintenance of security tools and technologies.
  • Contribute through security advisories, blogs, and other communication channels on current and emerging security threats to deliver security awareness programmes for employees.
  • Contribute to the development and maintenance of business continuity and disaster recovery plans for Global Security Operation.
  • Maintain awareness of applicable regulatory standards, upstream risks, and industry leading security practices.
  • Participate in security-related projects and initiatives as required.

Qualifications/Experience

Educational Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • Minimum 5 years' experience in information security, with a strong focus on risk assessment, security monitoring, and compliance.
  • Solid understanding of security frameworks, standards, and best practices (e.g., NIST, ISO, OWASP).
  • Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks.
  • Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to both technical and non-technical audiences.
  • Proven ability to work collaboratively across different departments and teams.

Technical Competency and Experience

  • Experience with common information security management frameworks, such as MITRE ATT&CK, International Organization for Standardization (ISO) 2700x, ITIL, COBIT, and the National Institute of Standards and Technology (NIST) or Center for Internet Security (CIS) frameworks.
  • Knowledge of security protocols, encryption techniques, and secure coding practices.
  • Experience with security testing methodologies, including penetration testing, web application security testing, and code review techniques.
  • Familiarity with cloud security principles and best practices (e.g., AWS, Azure).
  • Good communication skills and the ability to work with all stakeholders, internal and external, finding, advising on and implementing the best solutions.
  • Awareness of the MITRE ATT&CK framework and how it can be used to learn an adversary’s tactics and techniques and focus incident response.
  • Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, and a credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.

Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.