BostonRecruiter Since 2001
the smart solution for Boston jobs

Technology Risk Specialist

Company: NATIONAL GRID CO USA (NE POWER)
Location: Andover
Posted on: January 16, 2022

Job Description:

In accordance with guidelines regarding companies classified as Federal contractors and consistent with our core commitment of safety, National Grid has made the decision to require all new hires to be fully COVID-19 vaccinated as a condition of hire. "Full vaccination" is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered. Anyone unable to be vaccinated, either because of a religious belief or a disability, can request a reasonable accommodation.

Job Title: Technology Risk Specialist

About us
National Grid is hiring a Technology Risk Specialist for our security operations team in either Massachusetts or Syracuse.
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating, and our expertise and track record put us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.

About the role
The Technology Risk Specialist role provides a fast-paced and challenging opportunity for a highly motivated individual looking for an exciting career development opportunity with direct exposure to leadership and stakeholders across the business.
The purpose of the Technology Risk Specialist is to:
1) Help protect National Grid from information, operational and cyber security risks by ensuring threats, risks and controls are managed via a consistent process.
2) Influence company practices by keeping up to date with current industry trends to ensure risk management processes continue to evolve.
This is a 2nd line of defence role within the 3 Lines of Defence model for Risk Management.
Primary responsibilities for this role include:

  • Perform, support, advise and challenge IT risk management practices and reviews to include: 1) Risk and controls identification and assessment, 2) Quantification, 3) Response and 4) Reporting and monitoring
  • Articulate the business function and objectives that are most impacted if the risk were to materialize
  • Correlate risk exposure to control failures and identify compensating controls
  • Aptly challenge first line risk management activities by understanding quantified threat, control, forecasts & vulnerability data
  • Assess the effectiveness of controls by assisting first line in creating and providing analysis of KPIs/KRIs metric data and by conducting assessments
  • Work with the 1st line of defense to identify risk event root causes and remediation plans
  • Challenge and ensure development of improvement plans are risk-driven
  • Maintain and continually improve processes, team artifacts & key documentation
  • Drive development, alignment & communication of risk standards (internal and industry best practices), supporting IT risk framework management activities and documentation
  • Work with the IT teams and other Technology Risk and Security teams to evolve our risk universe and control framework to address identified weaknesses and emerging threats
  • Ensure risks are accurately articulated and appropriate business and IT approval is sought where risks are being accepted, exceptions are being granted or remediation plans are being put in place
  • Manage risks, controls and findings within the Archer eGRC tool
  • Collaborate with your peers to find a better way

About you

Knowledge and Capabilities:

  • Strong demonstrable experience in managing information systems or information/cyber security risk according to an industry standard approach (e.g. COSO, ISO, NIST)
  • Knowledge of the 3 Lines of Defense model for Risk Management
  • Experience with a variety of risk tools
  • Able to demonstrate a high degree of credibility and influence senior stakeholders within the organisation
  • Ability to communicate effectively both orally and in writing
  • Excellent knowledge of information/cyber security and related principles
  • Thorough knowledge of IT and information/cyber security controls
  • Self-motivated, able to deliver with minimal supervision, and always aware of the "bigger picture"
  • Experience of relevant standards, frameworks and regulations including some of: NIS Directive, GDPR, NERC CIP, Sarbanes Oxley, PCI, NIST Cyber Security Framework, HIPAA, UK Directive 105, US Data Privacy related laws, CFATS, CCPA, MAS 201, RIITPA, NIST 800-53, COBIT 5
  • Experience in the Critical National Infrastructure (CNI) and utility industry preferred
  • Experience with data analytics and data visualization with excellent attention to detail when working with data sets and reporting

Qualification Requirements:

  • Risk and Controls Certifications such as CRISC and CISA, preferred
  • Educated to degree level in math, science or computers
  • Strong demonstrable Risk Management experience, Information Security and Compliance
  • Ability to interface effectively with other Security and Technology Risk Teams, Information Technology Leadership Team (ITLT), Control Owners, Control Operators, Enterprise Risk Management, National Grid Business Units
  • Information Systems Certifications such as CISSP, CISM or CEH, preferred
  • Working knowledge of Archer, preferred

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position, gaining experience and expertise and acquiring and applying technical skills. Candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.
