We are National Grid, and we are at the heart of energy. From heating homes to making sure businesses fire on all cylinders, we’re using our engineering excellence to connect people and the planet. We’re also looking to the future – innovating, inventing, and transforming – to make possible the energy systems of tomorrow. And that’s why there’s never been a more exciting time to join us and help us to make a difference to people’s lives every day.
This position has the flexibility to be based from either our Warwick or Wokingham office.
A competitive salary dependent on capability
As well as your base salary, you will receive a company car or allowance, a bonus of up to 20% of your salary for stretch performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, a salary sacrifice technology scheme, support via the employee assistance line and matched charity giving to name a few.
The Head of UK Security Architecture will act as the senior security design authority for National Grid UK, ensuring that a Security Architecture is formally approved and adopted so that the complexity of our environments can be managed securely and successfully, delivering to the business values, goals, and objectives.
The role will provide a focal point for the creation and re-use of value by leading security architectural change in our business and industrial control system environments, establishing vision and planning for future state security architectures, influencing and directing DR&S, National Grid and Partner leaderships accordingly.
The role will define and own the creation and operation of the National Grid Security Architecture function establishing a formal methodology and framework for risk driven information security and information assurance architectures, supporting critical business initiatives, driving a philosophy of resilience and recovery.
The role will lead and manage the production of SABSA compatible enterprise security architecture and associated patterns, ensuring all National Grid security services are appropriately documented within IS tools, and available for re-use by architects and others.
The role will provide direction to DR&S functions and business areas through the production of enterprise reference patterns, an Information Security Policy Architecture, and the leadership of, or representation at, appropriate governance boards.
- Lead and manage the UK security architecture function addressing business needs holistically, articulating pragmatic, credible and effective people, process & technology based reference patterns.
- Lead the creation of value by ensuring the development and adoption of re-useable security service patterns for complex systems, ensuring consistency with stated security strategies.
- Interpret identified risk and establish the required remediation within the UK security architecture to remedy the risk.
- Ensure that the security architecture aligns with the business vision and maintain security architectural flexibility.
- Develop reference enterprise security architectural patterns to be adopted by Security Architecture ensuring they reflect Contextual, Conceptual, Logical, Physical, Component and Operational components.
- Provide direction on the potential adoption and securing of emerging technologies and changing business needs ensuring alignment with the long-term security architecture vision.
- Guide various business and IT teams as needed toward a common architecture and engage stakeholders as advocates of the vision.
- Establish a mechanism for the formal approval, adoption and maintenance of the enterprise security architecture.
- Provide leadership in transforming the DR&S architecture function into a proactive value-added business-focused service provider, while ensuring that risks are identified and managed appropriately.
- Maintain oversight of portfolio security architecture, to identify emerging risks and ensure a mitigation path for identified risks.
- Establish and manage a framework through which the system and application level SDLC is mandated and managed.
The position requires a disciplined thinker capable of developing and maintaining an architectural framework within which complexity is broken down, so it can be clearly articulated and managed successfully. The individual will need to lead and influence senior leadership, working across organisational boundaries to ensure that appropriate security architecture is adopted and supported throughout the business.
The role requires the individual to be business and service focused, understanding the inter-relationship between technical and procedural solutions to support the long term needs of the business, taking account of operational / long term costs and influencing support for agreed security strategies.
Requires leadership and influencing skills at a senior level, capable of communicating strategically, achieving stated aims and goals. Good organisational skills, time management, attention to detail and accuracy over multiple simultaneous activities to derive a holistic security architecture. Must be pro-active, adaptable and results driven, whilst capable of interpreting and delivering on strategies and direction provided.
The position requires a team player who must be able to manage directly and through influence / matrix. Be able to work under pressure, manage multiple activities, using their own initiative and motivation to meet deadlines and set priorities without close supervision.
The role requires the ability to effectively articulate complex technical requirements and provide thought leadership to senior management. Drawing on a broad range of skills and experience; creating innovative insights, adapting methods and practices to fit team and cultural needs.
- Strong background in enterprise and / or security architecture frameworks such as Zachman/E2AF/TOGAF/SABSA and their operation, including domain based security models, secure development lifecycle and application security.
- Strong knowledge and experience developing and implementing security service architectures and their operation across partner eco-systems.
- Experience of establishing security architecture control models that inform each stage of the software development lifecycle process.
- Experience of designing and managing security controls within service providers and the cloud.
- Experience of developing Information Security Policy Architecture models and their application in complex environments.
- Strong communication, leadership and partnering skills.
- Able to demonstrate a high degree of credibility and influence senior stakeholders within the Organisation.
- Proven track record of successfully delivering business requirements to time and budget constraints.
- Able to operate as a highly independent worker and as part of a strong team/collaborative approach.
- Prior Critical National Infrastructure (CNI) and utility industry experience preferred.
- Educated to degree level (or equivalent combination of education and experience).
- Information Security Qualifications such as CISSP, CSSLP, CISM, SABSA Practitioner preferred.
- Security Qualifications such as SANS, CCNA, CCNP.
Experience & Capabilities
- The role will currently have direct reports.
- The role requires leading strategic conversations with DR&S, National Grid and Partner leadership teams as well as providing governance, oversight and direction regarding Security Architecture.
- The role interprets business, IT and security strategies, influencing acceptable business risk postures, determining the required reference security architectures and services, and articulating the end state security architecture.
- Ownership of security architecture and related services, taking responsibility for gaining acceptance and buy-in from both internal and external stakeholders.
- Lead the alignment of business and IT, operating across organisational boundaries to drive common approaches, delivering sustainable, agile and reusable solutions
- The position will be responsible for building strategic relationships with National Grid, Partner and industry leadership, together with internal and external peers to develop a holistic security architecture across business and ICS environments focusing on high impact opportunities that leverage Technology, Architecture and Sector expertise.
- Act as the Security Design Authority for National Grid, leading and attending appropriate governance bodies to that effect.
- A proven track record of adding business value by aiding a business to develop and govern their security architecture or by providing security solutions in response to a particular business need
- International delivery experience would be advantageous
- To have recognized knowledge of security architecture across TOGAF architectural domains Business, Application, Data, Technology utilising the SABSA framework.
- Excellent senior stakeholder management and influencing skills covering all business lines and eco-system.
- Understanding of the cost and value drivers of IS and business
- Experience of Secure Development Life Cycle (SDLC), its implementation and maintenance
- Some experience in modelling techniques (e.g. UML, OOAD, SSADM, Yourdon etc.) would be beneficial
- Utilities experience highly beneficial.
- Designing and monitoring security architectures
- Be highly motivated with good analytical skills, capable of strategic communication with a wide audience, including senior stakeholders and be a credible performer in senior management forums
- Experience of working in global teams with matrix reporting and deliverables.
- Excellent communication, both verbal and written English, allied to strong presentation and workshop facilitation skills including communicating technical solutions
- Demonstrate the application of National Grid values in all interactions with colleagues, partners, vendors and stakeholders.
- Leading and working with teams across distributed geographical boundaries
- To be a lateral thinker, energetic, able to build bridges between different stakeholder communities, commercially astute and customer-facing
- A consultative approach and business requirement focused
- Provide mentoring and coaching for solution architects across the organisation and potentially manage a project based security delivery team as required.
Advert Close Date
Sunday 23rd December