AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.
We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.
If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at
The Quality and Information Security Internal Auditor is responsible for ensuring the smooth running and maintenance of a comprehensive internal audit system in relation to AVEVA’s Quality and Information Security certifications and providing support on various operational matters and products.
This role is primarily responsible for performing internal audits, information security control and system review and design. The successful candidate should have broad information security and audit experience, a high degree of professionalism, a friendly and collaborative demeanour, and strong verbal, written, and organizational skills. This position typically reports to the Manager of Information Security.
What you get to do in this role:
Responsibilities include but are not limited to the following:
Plan, establish, execute, document & report, consult, verify & close Information Security Internal audits
Perform analysis of information security standards such as ISO 27001:2022 and create compliance reports for information security standards and other requirements.
Understand the scope of AVEVA Security requirements and perform information security internal audits
Determine the compliance of support functions and delivery verticals against the information security requirements
Facilitate audits by clients and client-certified audit firms
Carry out detailed review of the audit remediation plans, continually track issue closures, and conduct re-verification review of issues prior to submitting to client
Maintain an up-to-date understanding of emerging trends in information security and apply new techniques and trends, in line with overall information security objectives and risk tolerance
Present reports and recommendations to the Internal Audit Leader on information security issues
Work independently under the general direction of the Internal Audit Leader to ensure timely and accurate completion of information security internal audit objectives and perform the requisite preparation
Perform testing of internal controls specified in Information Security Policies
Recommend security policy changes and enhancements
Support the Information Security program including development, collection, assessment, and reporting of metrics
Collaborate with Internal & External Auditors on information security and compliance matters
To be successful in this role you require:
Ability to plan, execute and document Information Security Internal Audits
Strong presentation skills and experience with technical, managerial, and executive audiences
Ability to understand and create written and graphical representations of processes and systems
Ability to communicate well at all levels with strong interpersonal skills, including the ability to support, advise and influence senior managers and executives
Ability to measure and report the effectiveness and efficiency of security activities
Strong analytical skills and the ability to analyse operational data
Excellent organisation skills with a structured working methodology
Excellent documentation, communication, and interpersonal skills
Required Competencies / Qualifications
At least 4 to 8 years of working experience as an Information Security auditor.
Minimum B.E / BTech / MSc.
Knowledge of ISO 27001, 9001, NIST requirements and certification. CISA, CISM and CISSP are good to have
Knowledge of Cloud DevOps, Supplier Management and Supplier Audits
Knowledge of the software design and development lifecycle, commercial software development and release management, and in-life support processes.
Prior knowledge of and experience in performing testing of internal controls specified in Information Security policies
Working knowledge of IT auditing and compliance practices, and audit report writing
Broad-based IT experience with technical knowledge of Network Design, Infrastructure Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Applications Security and Source Code review
Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception, and audit trails