About us
National Grid is hiring for a Senior Analyst, Program Risk Assurance for our Cyber Risk Assurance team in Waltham, MA.
Job Purpose
The Project & Program Risk Assurance Team provides Risk Assurance on technology enabled change programs and technology related regulatory requirements across the US and UK.
Coordinate with Subject Matter Experts to ensure projects are up to internal standards
Interface with IT/Operational Technology support teams, legal and other stakeholder individuals and teams as required.
Interface with projects and programmes from start-up to service transition and be able to provide advice on IT Control design and review evidence of compliance
Share best practice within wider Technology Risk 2LOD function
Key Accountabilities
Candidate will work with projects and programs to inform them of controls that are required to be built & implemented prior to go-live
Review evidence to ensure controls have been designed, implemented and tested
Based on controls validation, provide risk opinion prior to implementation
Must have deep understanding of Information Systems, Security techniques, Controls and Risk Management principles.
Must be able to work independently and establish strong working relations across various lines of the business.
Must be an effective communicator, with strong presentation skills, and be able to communicate to projects and programmes the risks related to Information Security and related controls.
Must be able to demonstrate working knowledge of UK/US regulations and possess a strong background in process development to enhance current processes.
Experience of either working in or providing assurance over technology enabled projects and programmes
Experience of project lifecycle including stage gates
Strong working knowledge of control frameworks (NIST CSF, NIST 800-53, COSO, COBIT, ISO, UCF)
Strong Interpersonal Skills (ability to bring people together to solve complex issues)
Understanding of Security and Risk Management, including those related to outsourcing
Understanding of SSAE 16, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles
Supervisory/Interpersonal Experience Required
Good interpersonal skills required to work with internal/external stakeholders and liaising with audit personnel.
Qualifications
Bachelor's degree
Preferred Certifications: CISA, CISSP, CISM, CRISC
Experience of IT controls and/or IT risk assurance
Experience in at least two of the following, with all preferred: Information Technology, Operational Technology, Cyber Security, Power and Utilities / Electrical Engineering, Regulatory Compliance, Risk Management, Internal Controls Assurance / Quality Assurance, IT Sarbanes-Oxley
Experience of either working in or providing assurance over technology enabled projects and programs
Experience of project lifecycle including stage gates
Full end to end knowledge of software development lifecycles and projects including the various stage gates and what good looks like in requirements, build, test, data migration, cutover and go-live activities
Demonstrated knowledge of industry standards, regulations and methodologies, including NIST, COBIT, ITIL, SOx, NERC CIP, PCI, HIPAA, etc.
Experience of forming opinions over applicable controls based on available information and providing guidance on design of controls where required
Experience of providing risk-based opinion and providing reporting to the business based on reviewing evidence of controls
Must Have skills
Risk Management, Information Security and Regulatory Compliance, or Controls Assurance
Ability to generate succinct and impactful reporting that combines technical knowledge with easy-to-understand, non-jargon business language
Proven ability to deliver BAU activities within tight timescales to high quality
Ability to manage and engage with multiple stakeholders at all levels, including Project Managers/Leadership, IT/OT support teams and other stakeholder individuals and teams as required
Strong interpersonal skills
Preferred Skills
Communications, building relationships with stakeholders, giving opinion based on the risk and control environment of any project/program
Strong team player and able to help improve current processes and procedures
Share knowledge and expertise within Tech Risk team and work with other teams such as Controls Assurance and Vendor Management
National Grid
40 Sylvan Rd
Waltham
Massachusetts United States
www.nationalgridus.com