Salesforce Global Risk & Compliance Lead

Salesforce Global Risk & Compliance Lead

AVEVA is creating software trusted by over 90% of leading industrial companies.

Location: London or Cambridge

Employment Type: full-time

We are seeking a highly experienced Global Risk & Compliance Lead to oversee risk management, security, and compliance for our Sales Enablement platforms, primarily focused on Salesforce. This role is responsible for ensuring that Salesforce solutions meet global regulatory requirements, align with enterprise risk frameworks, and maintain the highest standards of data protection, security, and governance. Reporting to the Sales Enablement Domain Director with a dotted line to the Head of IT GRC, this position collaborates closely with Sales Enablement teams to document control designs, organize evidence collection, manage dependencies (e.g., JML feeds from HR, access reviews by Business Owners), and strengthen Role-Based Access Control (RBAC) structures. The key objective is to ensure compliance with Sarbanes-Oxley (SOX) requirements, implement controls from the Crown Jewel Security Playbook (e.g., risk assessments, access reviews, patching, backups), and satisfy the Crown Jewel Security Policy by protecting critical assets through governance, identification, protection, detection, response, and recovery measures.

The ideal candidate will bring deep expertise in compliance, risk management, and Salesforce governance, with the ability to work with globally distributed teams and collaborate across business, legal, and technology functions.

Responsibilities

• Define and maintain global compliance and risk frameworks for Salesforce implementation and operations.
• Documenting control designs for Sales Enablement processes, ensuring alignment with Crown Jewel Playbook controls (e.g., critical stakeholder inventory, supply chain risk management, risk assessments, data inventory, user access reviews).
• Project managing dependencies on other teams, such as timely Joiner-Mover-Leaver (JML) feeds from HR, and access reviews by Business Owners.
• Conduct risk assessments to identify, evaluate, and mitigate risks related to Salesforce data, processes, and integrations.
• Develop controls to ensure compliance with internal policies and external regulations.

Skills & Qualifications

• ISACA (or equivalent) qualification: Certified Information Systems Auditor (CISA), or Certified Information System Manager (CISM), or Certified Governance of Enterprise IT (CGEIT).
• 5+ years of experience in risk, compliance, or governance roles, with at least 3 years focused on Salesforce or large-scale SaaS implementations.
• Strong knowledge of global data protection regulations (GDPR) and industry compliance frameworks (SOX, ISO 27001).
• Salesforce certifications (e.g., Salesforce Administrator, Security & Privacy Specialist).
• Proven track record in implementing risk and compliance programs across multiple geographies.
• Experience with Salesforce security and compliance features, including Shield, encryption, access controls, and audit logging.
• Experience estimating costs of remediation activities / projects, split by one-off vs recurring costs.
• Proficiency in documenting risk and control mappings for review by external auditors, with appreciation of impacts on financial statements.
• Ability to document and coach others on business process and system mapping, including RBAC structures.
• MS Office, especially MS Outlook, Excel, PowerPoint, and SharePoint; analytics skills an advantage.
• Knowledge of Crown Jewel Playbook controls (e.g., patching, MFA, data encryption, incident response) and Policy directives (e.g., govern, protect, detect).
• Excellent communication, stakeholder management, and leadership skills.