National Grid Business Information Security Officer, Security Services in Syracuse, New York
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business
The Business Information Security Officer’s (BISO) role will be the focal point for effective engagement between business areas and the Security Team. This role will be a trusted adviser to senior business and technology stakeholders and provide broad knowledge of security strategies, policies, processes, architecture and road maps to enable divisions/business to understand and meet security requirements.
The BISO role will reporting to the Head of Business Information Security Officer and work closely with the with the business, supporting to operate within information security risk appetite. The BISO will be an essential business partner and will take responsibility for the assessing and managing information security risk for the business.
This role will focus on ensuring that Information Security is considered in respect of all elements of Business. The BISO will be required to support business units with the design and implementation of central security strategies
1. Build maintain effective relationship with a division’s Business and Technology stakeholders. Be the voice of information security in the division/business area and the voice of the business within information security.
2. Raise the profile of security within the organisation by being pro-actively involved with stakeholders and customers.
3. Own and communicate the divisional roadmap for information security aligned with risk appetite and overall security roadmap. Align information security responsibilities and working practices of divisions and security teams. Identify and resolve risks and issues.
4. Facilitate planning, introduction, delivery of information security services and initiatives e.g.
• security capability / maturity improvement,
• delivery of point services such as vulnerability assessments, project risk assessments, vendor assessments
• divisional security awareness and educations
• delivering targeted security and risk briefing
5. Collate demand for security and collaborate across the security team to balance supply and demand of security and divisional resources.
6. Contribution to development and implementation of security architecture, and the design of security service and processes.
7. Ensure that policy compliance is appropriate to the organisational and Business Unit’s level of risk acceptance.
8. Demonstrate to stakeholders that appropriate security controls are in place and own/create actions plans to manage improvement or change where necessary.
9. Advise stakeholders on how to achieve the relevant controls and assist with solutions to support them.
10. Where necessary ensure that processes are documented and communicated in language that is relevant and understandable to international and /or non-technical audiences.
11. Ensure all proposed technical solutions uphold security requirements.
12. Support and deliver security initiatives as needed and be able to demonstrate and track progress to stakeholders.
13. Manage divisional security incidents, working closely with group and divisional stakeholders.
14. Any other duties relating to the remit of a role of this standing as required by the needs of the business.
The ideal candidate profile will include the following points:
1. The ability to build good relationships at all levels and across all business units and organisations, and the ability of influence stakeholders of all levels
2. Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
3. Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams.
4. Highly self-motivated and directed, with keen attention to detail.
5. A good understanding of security frameworks including ISO27001/NIST/SANs.
6. Have a relevant industry certification such as CISSP, CISM, CRISC or similar
Individuals selected for this role are expected to have both extensive knowledge and managerial know-how related to the following aspects of the CISO pillar skills matrix:
Experience managing multi-function relationships throughout major transformation;
1. Understanding of security technology;
2. Experience in a role balanced between business stakeholders and a central service organization;
3. Navigating a multifaceted, matrix organization; and
4. Collaborating with multiple stakeholders across functional and technical skillsets.
5. Analytical: Inquisitive nature and intuition regarding what questions to ask, when, and their relative significance.
6. Technical: Broad understanding of security technology.
7. Business: High level understanding of utility/energy sector business model, service offerings, and business operating environment as it pertains to the firm's threat landscape. Ability to frame threats and exposures in a business context recognized by non-technical staff and executives.
8. Domain landscape: Knowledge of technical security operating principles
9. Communication: Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms' staff and leadership to enable effective information security activities and processes in line with the cyber readiness program
5 years of relevant security work experience and 4 years of experience in project management. Knowledge of security system technologies and supporting electrical and IT infrastructures desirable
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team