NATIONAL GRID CO USA (NE POWER)
In accordance with guidelines regarding companies classified as Federal contractors and consistent with our core commitment of safety, National Grid has made the decision to require all new hires to be fully COVID-19 vaccinated as a condition of hire.
“Full vaccination” is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered.
Anyone unable to be vaccinated, either because of a religious belief or a disability, can request a reasonable accommodation.

Job Title: Risk Manager, Technology Risk Programme Assurance

About us

National Grid is hiring a Risk Manager, Technology Risk Programme Assurance for our Technology Risk team based in either Syracuse or Massachusetts!

Every day we deliver safe and secure energy to homes, communities, and businesses.
We are there when people need us the most.
We connect people to the energy they need for the lives they live.
The pace of change in society and our industry is accelerating, and our expertise and track record put us in an unparalleled position to shape the sustainable future of our industry.

To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow.
This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.

About the role

The Project & Programme Risk Assurance Team provides Risk Assurance on technology enabled change programs and technology related regulatory requirements across the US and UK.

The Risk Manager role provides a fast-paced and challenging opportunity for a highly motivated individual looking for an exciting career development opportunity with direct exposure to leadership and stakeholders across the business.

The candidate will work with projects and programmes to inform them of controls that are required to be implemented prior to go-live, whilst working closely with the Controls Assurance and other 2LOD teams such as Controls & Compliance.

Key accountabilities will include:
- Own a portfolio of Projects and work with them throughout their lifecycle to assess and inform applicable IT Controls
- Review evidence to ensure controls have been designed, implemented and tested
- Based on controls validation, provide risk opinion on projects and programs prior to implementation
- Establish and maintain relationships with key stakeholders, including Program Leads, Security and other SMEs
- Willingness to challenge programs, projects and leadership on controls, compliance and security matters
- Work closely with Controls & Compliance to understand the SOX environment and the impact of any Projects to applicable SOX controls and test the design and effectiveness of these controls
- Interface with IT/OT support teams, legal and other stakeholder individuals and teams as required
- Review and provide guidance to team over identification, testing and opinions of IT Controls over their portfolio of Projects
- Maintain and continually improve processes, team artifacts & key documentation

About you

Knowledge and Capabilities:
- Experience of either working in or providing assurance over technology enabled projects and programs
- Experience and knowledge of project lifecycle including stage gates, agile frameworks etc.
- Understanding of SSAE 16, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles
- Strong demonstrable experience in managing information systems or information/cyber security risk according to an industry standard approach (i.e. COSO, ISO, NIST)
- Knowledge of the 3 Line of Defense model for Risk Management
- Experience with a variety of risk tools
- Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization
- Ability to communicate effectively both orally and in writing
- Excellent knowledge of information/cyber security and related principles
- Thorough knowledge of IT and information/cyber security controls
- Self-motivated, able to deliver with minimal supervision, and always aware of the “bigger picture”
- Experience of relevant standards, frameworks and regulations including some of: NIS Directive, GDPR, NERC CIP, Sarbanes Oxley, PCI, NIST Cyber Security Framework, HIPAA, UK Directive 105, US Data Privacy related laws, CFATS, CCPA, MAS 201, RIITPA, NIST 800-53, COBIT 5
- Experience in the Critical National Infrastructure (CNI) and utility industry experience preferred
- Experience with data analytics and data visualization with excellent attention to detail when working with data sets and reporting

Attributes:
- Strong interpersonal skills
- Ability to persuade control owners and operators in designing controls commensurate with risk
- Ability to support the business through change assurance and risk management
- Ability to translate technical concerns to business and associated risks a must

Qualifications:
- Risk and Controls Certifications such as CRISC and CISA, preferred
- Educated to degree levels in math, science or computers
- Strong demonstrable Risk Management experience, Information Security and Compliance
- Ability to interface effectively with other Security and Technology Risk Teams, Information Technology Leadership Team (ITLT), Control Owners, Control Operators, Enterprise Risk Management, National Grid Business Units
- Information Systems Certifications such as CISSP, CISM or CEH, preferred
- Strong experience of SOX testing, preferred
- Working knowledge of Archer, preferred

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills.
Candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise.
We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve.
National Grid is proud to be an affirmative action employer.
We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.