Global Head of Strategic Service Design & Architecture
This job is no longer active.
POST DATE 9/9/2016
END DATE 11/29/2016
GLOBAL HEAD OF STRATEGIC SERVICE DESIGN & ARCHITECTURE
JOB ID 20162743 DATE POSTED 09/08/2016
ABOUT THE POSITION:
This role is UK/US based and reports directly to the CISO & Head of Digital Risk and Security. The role is accountable for the development of the organization's cyber and information security strategy and architecture, ensuring that it is aligned with the overall business objectives. In addition, this person will drive the Cyber Security Program and ensure it is delivered to requirements within time and budget constraints, and aligned to the defined strategy.
The role is accountable for the organization, development and management of National Grid's business security architecture strategy, service design and capability delivery. It encompasses the following:
* Establishing and operating the business model to deliver a business wide cross functional capability and value realization of digital security services through reference architectures and consultancy;
* Coordinating, overseeing and directing the Enterprise Security Architecture, Service Security Architecture, Security Service Management & Cyber Security Program Management Office functions to deliver value realization in defending National Grid's ability to securely deliver energy to its customers;
* Delivering strategic design and program consultancy to ensure National Grid's digital security capability is always consistent with the potential internal and external threat;
* Maintain oversight of, and identify any weakness in, the business security architecture, clearly articulating potential business impacts to the business area concerned and gaining agreement as to mitigation strategies;
* Setting forward and gaining agreement to an evolving digital security & business security architecture that is adequately and appropriately funded and resourced;
* Ensuring the delivery of effective and efficient security consultancy to business units, programs and projects;
* Developing and maintaining cyber / information security policies, standards, processes and procedures, that reflect the requirements of the current legal, regulatory and threat landscapes.
The role is a highly visible position, where the candidate must have a deep and varied expertise of information security practices. In particular, previous experience of security strategy and security policy development, knowledge of threat assessment methodologies and risk management frameworks will be essential.
This person must have strong communication, leadership and partnering skills and have the credibility to present a business case and influence senior stakeholders across the Organization. There is likely to be a requirement to travel between the various UK and US sites on occasion.
POSITION RESPONSIBILITIES (INCLUDING BUT NOT LIMITED TO):
* Consistently visualizing future state business security capability & services in light of current & future cyber threat landscape, the associated risk and mitigation strategies;
* Design, build and deliver a common perspective of security strategy, policies, architecture and services required for the secure operation of business strategies in relation to National Grid's threat landscape;
* Clearly articulate the argument for required change in security architecture & services, developing the strategy and roadmap for change, delivering the agreed people, process, technology improvements
* SECURITY STRATEGY Through interaction with the Digital Risk and Security team develop, and maintain on an ongoing basis, the high-level security strategy for the organization. The strategy will cover proposed activity and approach for the medium to long term and must be aligned with the overall business objectives. Develop the high level business case for implementation of the strategy and assist with the financial planning process to ensure that the strategy is appropriately funded.
* PROGRAM MANAGEMENT OFFICE Establish a governance structure and metrics to monitor and measure projects to deliver the Security Strategy and value realization.
* RESEARCH Contribute to conducting research on current trends, emerging technology and associated threats related to the information security industry. Ensure that any relevant areas are fed into the security strategy and risk framework as appropriate.
* PRIVACY, LEGAL AND INFORMATION PROTECTION Maintain an up to date knowledge of applicable legal, regulatory and industry requirements regarding the safeguarding of sensitive, personal or customer information. Liaise with the internal and external legal and data privacy teams to obtain guidance where appropriate. Ensure that any relevant requirements are reflected in the organization's security policies and standards.
* POLICY AND STANDARDS Ensure that all the organization's security policies and requirements are captured within a comprehensive suite of policy and standards documents. This documentation suite should cover the high level policy requirements down to the lower level implementation guidance and should be made available to all persons that are impacted by them. The policy and standards should be aligned to recognized industry good practice and standards.
* This role has a significant impact on the security program development that affects all employees within the Organisation.
* This role has a significant impact on the operation of the gas and electricity networks in the UK and the US and ensuring that they are secure and reliable.
* No. of direct reports - Six
KNOWLEDGE & EXPERIENCE REQUIRED:
* Deep knowledge of Security architectures (business, data, application and technology), service design, operation measurement and reporting, likely to be gained in industry or from a consultancy background over a number of years.
* Experience of developing a business wide security strategy. In particular, an ability to incorporate the high level business objectives into practical short, medium and long term measures.
* Prior experience of security policy, standards, process and procedure development, in line with industry best practice and standards including SABSA and TOGAF frameworks, ISO27001, NERC-CIP, SOX and the Payment Card Industry Data Security Standard (PCI DSS).
* Deep understanding of risk and compliance frameworks.
* Able to demonstrate a high degree of credibility and influence senior stakeholders within the Organisation.
* Experience managing a team of security professionals.
* Proven track record of successfully delivering business requirements to time and budget constraints.
* Proven people management skills, with a track record of leading a team, managing performance and creating development plans.
* Able to operate as a highly independent worker and as part of a strong team/collaborative approach.
* Prior Critical National Infrastructure (CNI) and utility industry experience preferred.
* May represent company on industry or security standards bodies or focus groups as a topical expert.
* Respects others and values their diversity
* Take ownership for driving performance
* Leads and supports others in making the transition from current state to desired state
* Builds alignment that delivers outstanding team work
* Collaborates within and across the company
* Knows and leverages out strengths
* Demonstrates ongoing commitment to self development to drive high performance
* Understands the constraints and mechanisms to overcome in bringing about change in a matrix organisation
NATIONAL GRID IS AN EQUAL OPPORTUNITY EMPLOYER THAT VALUES A BROAD DIVERSITY OF TALENT, KNOWLEDGE, EXPERIENCE AND EXPERTISE. WE FOSTER A CULTURE OF INCLUSION THAT DRIVES EMPLOYEE ENGAGEMENT TO DELIVER SUPERIOR PERFORMANCE TO THE COMMUNITIES WE SERVE. NATIONAL GRID IS PROUD TO BE AN AFFIRMATIVE ACTION EMPLOYER,