Senior Analyst, Program Risk Assurance

Job ID: 18881
Location: Waltham, Massachusetts
Organization: Legal, Regulatory and Compliance
Department: IT Security Technology Risk

About us

National Grid is hiring for a Senior Analyst, Program Risk Assurance for our Cyber Risk Assurance team in Waltham, MA.

Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating, and our expertise and track record put us in an unparalleled position to shape the sustainable future of our industry.

To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.

Job Purpose

The Project & Program Risk Assurance Team provides Risk Assurance on technology enabled change programs and technology related regulatory requirements across the US and UK.
•    Coordinate with Subject Matter Experts to ensure projects are up to internal standards 
•    Interface with IT/Operational Technology support teams, legal and other stakeholder individuals and teams as required.  
•    Interface with projects and programmes from start-up to service transition and be able to provide advice on IT Control design and review evidence of compliance 
•    Share best practice within wider Technology Risk 2LOD function 

Key Accountabilities

•    Candidate will work with projects and programs to inform them of controls that are required to be built & implemented prior to go-live 
•    Review evidence to ensure controls have been designed, implemented and tested 
•    Based on controls validation, provide risk opinion prior to implementation 
•    Must have deep understanding of Information Systems, Security techniques, Controls and Risk Management principles.
•    Must be able to work independently and establish strong working relations across various lines of the business.
•    Must be an effective communicator, with strong presentation skills, and be able to communicate risks related to Information Security and related controls to projects and programmes.
•    Must be able to demonstrate working knowledge of UK/US regulations and possess a strong background in process development to enhance current processes.
•    Experience of either working in or providing assurance over technology enabled projects and programmes
•    Experience of project lifecycle including stage gates
•    Strong working knowledge of control frameworks (NIST CSF, NIST 800-53, COSO, COBIT, ISO, UCF)
•    Strong Interpersonal Skills (ability to bring people together to solve complex issues)
•    Understanding of Security and Risk Management, including those related to outsourcing
•    Understanding of SSAE 16, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles

Supervisory/Interpersonal - Experience Required

•    Good interpersonal skills required to work with internal/external stakeholders and liaise with audit personnel.

Qualifications

•    Bachelor's degree
•    Preferred Certifications: CISA, CISSP, CISM, CRISC 
•    Experience of IT controls and/or IT risk assurance 
•    Experience in at least two of the following, with all preferred: Information Technology, Operational Technology, Cyber Security, Power and Utilities / Electrical Engineering, Regulatory Compliance, Risk Management, Internal Controls Assurance / Quality Assurance, IT Sarbanes-Oxley
•    Experience of either working in or providing assurance over technology enabled projects and programs 
•    Experience of project lifecycle including stage gates
•    Full end-to-end knowledge of software development lifecycles and projects, including the various stage gates and what good looks like in requirements, build, test, data migration, cutover and go-live activities
•    Demonstrated knowledge of industry standards, regulations and methodologies, including NIST, COBIT, ITIL, SOX, NERC CIP, PCI, HIPAA, etc.
•    Experience of forming opinions over applicable controls based on available information and providing guidance on design of controls where required 
•    Experience of providing risk-based opinion and providing reporting to the business based on reviewing evidence of controls

Must Have Skills
•    Risk Management, Information Security and Regulatory Compliance, or Controls Assurance 
•    Ability to generate succinct and impactful reporting that combines technical knowledge and business ‘easy to understand – non-jargon’ language
•    Proven ability to deliver BAU activities within tight timescales to high quality 
•    Ability to manage and engage with multiple stakeholders at all levels, including Project Managers/Leadership, IT/OT support teams and other stakeholder individuals and teams as required
•    Strong interpersonal skills 

Preferred Skills
•    Communications, building relationships with stakeholders, giving opinion based on the risk and control environment of any project/program
•    Strong team player and able to help improve current processes and procedures 
•    Share knowledge and expertise within Tech Risk team and work with other teams such as Controls Assurance and Vendor Management 

Core Business/Foundation Skills

Business Capability - Customer
Business Capability - Project Management
Business Capability - Stakeholder Engagement
Leadership Quality - Lead through ambiguity and change
Leadership Quality - Start and finish with the customer in mind
Leadership Quality - Deliver excellent performance
Business Capability - Performance Excellence

More Information

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.
