Security Resilience Manager - Hybrid

About The Role

At National Grid, we keep people connected and society moving. But it’s so much more than that. National Grid supplies us with the environment to make it happen. As we generate momentum in the energy transition for all, we don’t plan on leaving any of our customers in the dark. So, join us as a Cyber Exercising and Resilience Manager, and find your superpower.

The Cyber Exercising and Resilience Manager plays a crucial role in minimising National Grid's costs associated with security cyber incidents. They achieve this by developing and implementing comprehensive planning and preparation processes that encompass all aspects of security and resilience. The manager evaluates the effectiveness of existing cyber contingency measures and leads necessary improvements. They also ensure that National Grid personnel are well-prepared and trained to fulfill their security-related duties and responsibilities in alignment with relevant cyber policies, procedures, and agreements.

National Grid is hiring a Cyber Exercising and Resilience Manager for our Security department. This is a hybrid role based in Warwick. 
 

Key Accountabilities

• Exercise Design & Development: Create realistic cyber incident scenarios, focusing on the full lifecycle of an incident including identification, containment, remediation, recovery and post-incident analysis.
• Stakeholder Management: Proactively engage with key stakeholders across the organization to gather insights, align exercise objectives and regulatory requirements, and ensure everyone is informed and involved through the process. Work with incident response teams, business units, and technical support teams to identify critical assets, potential risks, and dependencies. Also provide support to other exercising teams fulfilling cyber security themed exercises.
• Facilitation: Lead tabletop exercises, ensuring all stakeholders review their response processes to better understand their roles during a cybersecurity incident and ask probing questions to draw out responses.
• Assessment: Evaluate response and recovery plans and procedures as they relate to cyber incidents in National Grid’s most critical environments, focusing on the objectives identified by the business. 
• Post-exercise Reporting: Compile after-action reports (AARs) with actionable feedback and insights, offering recommendations to refine incident response plans, procedures, and engagement processes, and ensure ownership of remediation plans to improve security posture. 
• Incident Response Process Understanding: Have a solid understanding of best practices across the entire incident response process, including escalation points, internal and external communications and business impact mitigation. 
• Regulatory Requirements: Providing oversight coordination and assurance of an effective exercise program to fulfil regulatory objectives (SWIFT, NIS, NERC CIP, NYPSC Data Privacy, TSA Gas Pipeline Directive).

About You

• Experience in the development and orchestration of response and recovery tabletop exercise or live simulation activities (preferably in a cybersecurity or IT environment).
• Proven capability to evaluate response and recovery capabilities and the ability to identify innovative solutions.
• Previous experience collaborating within virtual teams with positive outcomes.
• An established team player able to work under pressure, manage multiple activities, using their own initiative and motivation to meet deadlines and set priorities without close supervision. 
• Previous experience working in a resilience, information technology, security operations or other related roles. 
• Understanding of common cyber threat types and how they manifest in Enterprise IT, Critical National Infrastructure (CNI), and Operational Technology (OT) / Industrial Control (ICS) environments.
• Strong verbal and written communication skills and the ability to communicate effectively to both technical and non-technical stakeholders are essential.
• Strong stakeholder management skills, with the ability to engage and maintain relationships across multiple departments and levels of the organization.

Qualifications

• Educated to degree level or post graduate level (equivalent combination of education and experience).
• Certification in cyber security or incident response (e.g., Security+, CISSP, CISM, or similar).

More Information

A competitive salary between £55,000 – £69,000 – dependent on capability

As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.

#LI-RL1
#LI-HYBRID

At National Grid, we work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office.

Our goal is to drive, develop and operate our business in a way that results in a more inclusive culture. All employment is decided on the basis of qualifications, the innovation from diverse teams & perspectives and business need. We are committed to building a workforce so we can represent the communities we serve and have a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.