Massachusetts Information Technology Jobs

Job Information

National Grid Strategic Risk Manager in Waltham, Massachusetts

About us

National Grid is hiring a Strategic Risk Manager for our security operations team in Waltham, MA.

Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.

To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.

To find out more about us and what we do click here (https://www.nationalgrid.com/about-us)

About the role

Are you excited about working in Energy, Critical Infrastructure and Operational Technology and have in-depth risk management experience? We have a unique opportunity in cyber security for a Strategic Risk Specialist to assess IT, OT & Critical Infrastructure within the energy sector. The primary purpose of the team is to perform and maintain strategic cyber security risk assessments and improvement plans for IT and OT environments across Gas and Electric environments, including substations, control centres, compressors, terminals and interconnectors. As Strategic Risk Specialist you will conduct iterative quality assessments of vulnerabilities, security controls, threats and business impact to better understand evolving risks and in turn inform current and future security strategy.

Key Accountabilities include:

  • Leading strategic and system level cyber security risk assessments for new or existing IT, CNI and OT environments, analyzing attack paths and architectures to identify and present critical risks and potential remediations

  • Embedding security risk management best practices within security & business functions

  • Driving Risk Management Framework activities within the System Development Lifecycle

  • Delivering high quality quantitative and qualitative strategic reporting for business stakeholders & senior leaders

  • Managing first line risk interfaces and relations with US business entities

  • Managing delivery of risk reporting and communication of risk to US leadership

About you

Ideally you will have:

  • Leadership experience managing a team

  • Excellent communication skills for articulating complex topics

  • 5+ years of experience utilizing risk assessment methodologies (e.g. NIST 800-30, ISO 27001, FAIR)

  • 5+ years of demonstrable experience working with industry best practices and security control frameworks (e.g. NIST 800-53, ISO 27001, IEC 62443, NIST CSF)

  • 5+ years of demonstrable experience implementing security risk management frameworks (e.g. NIST 800-39, 800-37)

  • Extensive experience implementing, managing and refining Information Security Risk Management Frameworks and supporting tools such as Archer

  • Ability to communicate complex messages both orally & in writing using quantitative & qualitative measures to senior leaders across the business

  • Confidence to challenge, take ownership of complex challenges, lead risk assessments, agree and build future improvement plans

  • Moderate to basic understanding of ICS/SCADA

  • Experience assessing IT &/or OT environments against a known best practice

Qualifications Required

Must Have:

  • Educated to degree level (or equivalent combination of education and experience)

  • Experience in Cyber Security (Risk management, Strategy, Ops, etc.)

  • Relevant security risk qualifications (i.e. CRISC, FAIR)

  • Experience with Agile Delivery methodology

  • Information Security Qualifications such as CISSP

Desirable:

  • Knowledge of Cyber Security within IT or OT (ICS, SCADA, IEC 62443, etc.)

  • Experience with IEC 62443 and Industrial Control System Security or risk management (GICSP/GRID certification)

  • Energy industry experience

To read the full role profile click here (https://careers.nationalgrid.com/download_file/596/0)

More Information

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.
