AVEVA is creating software trusted by over 90% of leading industrial companies.
Job Title: IT Domain GRC Specialist - Back-Office
Location: London/ Cambridge/ Madrid
Employment Type: Full-time, Hybrid
The job
The IT Domain GRC Specialist – Back Office is responsible for defining, implementing, and ensuring the effective operation of IT controls within the Back Office domain, with a strong emphasis on the Oracle ERP SaaS environment. This role ensures compliance with SOx requirements, leads the adoption of AVEVA's Crown Jewel Security Playbook, and protects critical assets through governance, identification, protection, detection, response, and recovery practices.
The role requires close collaboration with Finance, HR, Business Owners, and multiple GRC stakeholders to document control designs, manage evidence collection, coordinate key dependencies, and strengthen Role-Based Access Control (RBAC) across Back Office operations. This position plays a vital role in shaping digital risk management and maintaining a secure and compliant Back Office ecosystem.
Key responsibilities
- Document control designs for Back Office processes, ensuring alignment with Crown Jewel Playbook controls such as stakeholder inventories, supply-chain risk management, risk assessments, data inventories, and user access reviews.
- Coordinate and support Control Operators in maintaining structured, accurate evidence for control effectiveness, including backups, vulnerability scans, logging, and penetration testing results.
- Project‑manage dependencies across teams—ensuring timely SOC report reviews (Finance), JML feeds (HR), and user access reviews (Business Owners).
- Strengthen RBAC structures by reviewing roles, permissions, and access levels to support least‑privilege principles and periodic access certifications.
- Define cybersecurity and data‑protection requirements for Back Office systems, especially Oracle ERP SaaS, ensuring consistent compliance across services.
- Support readiness and response efforts for cybersecurity incidents within Back Office scope, contributing to domain‑specific security best practices.
- Identify, mitigate, and monitor cybersecurity risks related to Back Office activities, ensuring protection of Crown Jewel assets.
- Guide teams on Secure Development Lifecycle (SDL) practices, ensuring security and privacy requirements are embedded into design and delivery.
- Measure compliance with IT policies, set KPIs, identify gaps, and lead corrective initiatives. Prepare documentation for internal and external audits, as well as Executive Risk Committee submissions.
- Ensure SOx compliance through timely evidence collection, audit preparation, and proactive management of remediation activities.
- Serve as the Digital Risk representative for the domain and collaborate with broader GRC teams as required.
Essential requirements
- ISACA (or equivalent) qualification such as CISA, CISM, or CGEIT.
- Minimum 2 years’ experience in IT control design, assurance, or auditing.
- Experience documenting and presenting control recommendations to management.
- Experience estimating remediation costs and distinguishing between one‑off vs recurring expenses.
- Experience collaborating with external and internal auditors, with solid understanding of SOx compliance and Crown Jewel asset protection.
- Hands‑on experience with Oracle ERP SaaS, including implementing controls for financial and operational processes.
- Strong proficiency in documenting risk and control mappings for audit review.
- Ability to map business processes, system workflows, and RBAC structures.
- Strong MS Office skills, especially Excel, PowerPoint, Outlook, and SharePoint.
Desired skills
- Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response).
- Familiarity with Oracle ERP‑specific controls such as database hardening, data‑flow mapping, and supplier security requirements.
- Strong analytical skills and the ability to coach non‑direct reports.
- Collaborative mindset, with the ability to work across teams while establishing clear accountability.
- High attention to detail when drafting submissions or communications for auditors and stakeholders.
- Proactive approach to identifying improvements and driving evidence‑based enhancements.
IT at AVEVA
Our global team of 300+ IT professionals is responsible for the systems and platforms that keep AVEVA running. By empowering our colleagues and ensuring the smooth operation of the company, we help keep the business healthy and productivity high. We also provide key support for the transformation and modernisation efforts globally.
We pride ourselves on a collaborative, inclusive and authentic culture that provides a framework allowing for autonomy, whilst always being available for support and guidance. We respect the differences that each team member brings and seek to include those perspectives in our solutions for our business functions. The energy and sense of purpose is evident when talking to team members, you will feel part of something special from the first day you join.
Find out more: https://www.aveva.com/en/about/careers/
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.
