Lead Architect, Security

In order to support and enable the Big Work and the dramatic shift in today's cyber-risk landscape, our security decision-making and implementation processes are shifting from centrally controlled, stage-gated, waterfall approaches to more decentralized and agile methods. Instead of being confined to a centralized authority, risk decisions are to be made at the edge by delegated CISOs using agile processes and cyber judgment.

To facilitate this shift, cybersecurity requires scalable processes that can effectively handle conflicts, excess residual risks, and exception requests. These processes should be able to provide hands-on support at the speed required by the business.

The Global CISO is embracing an approach that involves centrally creating cybersecurity policies and capabilities with input from delegated CISO's. These policies and capabilities are then adapted locally into standards, guidelines, and operating procedures. The "what" is defined centrally, while the "how" is resolved locally.

National Grid is hiring a Lead Security Architect. This is a hybrid position located in Waltham, MA.

Our vision is to be recognized as a world leading Information Technology and Digital function in the energy sector and a trusted partner across National Grid businesses. In the Security Architect role, you will play a crucial role in ensuring our organization's information systems/operational technology is secure and protected against cyber threats. Your expertise will help us identify potential risks and vulnerabilities and develop effective mitigation strategies to protect our assets and support our vision of being a leader in our industry.

* Providing a security service steer to the projects and programs, on security related matters.
* Ownership and definition of the security scope/architecture for a variety of projects deployed globally
* Drive security requirements, architectures, patterns and approaches via the company's processes.
* Day to day engagement with development teams to advise and consult on security matters
* Work closely with project teams, DevOps teams to ensure solution complies with security requirements and that risks are appropriately managed.
* Removing impediments for the successful delivery of the security related initiatives
* Provide technical security input as required by the security policy lead.
* Coordination of technical design/review activities with various segments within the Security team.
* Accountable for ensuring that key risks and issues are identified, addressed, and resolved in a manner that satisfies the business.
* Accountable for ensuring residual risk is captured and owners are identified.
* Conduct regular 1st line risk assessments to identify potential cyber threats and vulnerabilities to the business's systems and data.
* Conduct 1st line supply chain assurance for suppliers, in co-ordination with the 2nd line Vendor Assurance team
* Conduct reviews of new or existing Vendor contracts to ensure appropriate clauses and addendums are included with the 3rd party contracts
* Develop and implement strategies to mitigate cyber risks and enhance the business's security posture.
* Stay up-to-date with the latest cyber threats and trends, and recommend appropriate security controls and countermeasures.
* Maintain documentation and reporting on security-related activities, including risk assessments, incident response, and compliance audits.

* Bachelor's degree in a relevant discipline, or an equivalent combination of education, training, and experience.
* 7 or more years of related experience.
* Collaborate effectively with colleagues and suppliers in different time zones.
* Strong analytical and problem-solving skills for making sound decisions under pressure.
* Foster positive work environment with teamwork and effective communication.
* Ability to influence, build relationships, and demonstrate team leadership skills in fast-paced, ambiguous, and autonomous professional service environment.