Chief Information Security Officer - NGED

National Grid
Warwick Civil Parish, United Kingdom
9 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Warwick Civil Parish, United Kingdom

Tech stack

Data analysis
Computer Security
Supervisory Control and Data Acquisition (SCADA)
Local Security Policy
Information Technology
Patch Management

Job description

As Business Unit Chief Information Security Officer (BU CISO) for NG Electric Distribution (NGED), you'll be responsible for overseeing the development, implementation, and management of the organization's information security program, ensuring alignment to the Group Cyber Security strategy, policy, and shared service capabilities.

You'll work closely with other business and IT executives to identify, evaluate, and mitigate information security risks to the organization, its assets, and its customers.

You'll also be responsible for ensuring compliance with applicable laws, regulations, and industry standards. Operating within a federated group security model, you'll balance local operational accountability with global security strategy, standards, and shared services.

You'll report directly to the Group CISO and act as the senior security leader for the National Grid Electricity Distribution business. The role will matrix to and act as an extended member of the NGED Chief Information and Digital Officer's leadership team.

  • Own cyber security outcomes for NGED operations, including OT, SCADA, control systems, field assets, and supporting IT platforms
  • Ensure all NGED Programs have embedded Security representation and are 'Secure by Design'
  • Ensure cyber security enables safe, reliable, and continuous electricity supply, not just compliance
  • Lead preparedness for high-impact, low-frequency events (e.g., nation-state activity, systemic failures, prolonged outages)
  • In conjunction with Group Security, lead and manage within NGED the development and implementation of cyber security strategies, policies, procedures, and controls to protect company assets, intellectual property, and customer information
  • Establish and maintain a risk-based security posture aligned to NIST, CIS, NIS, CAF, IEC 62443 (where applicable)
  • Translate technical risk into clear, decision-grade insight for executives and boards
  • Conduct regular security assessments and audits to identify gaps and vulnerabilities, and develop and execute remediation plans
  • Act as the security authority for the distribution business within the group federated model
  • Implement and operate global security policies, standards, and shared services, adapting where operational risk requires
  • Influence group strategy through real-world operational insight
  • Escalate and challenge constructively to ensure controls adequately address critical infrastructure risk
  • Collaborate with business leaders and stakeholders to identify and mitigate cyber security risks and threats, ensuring compliance with regulatory requirements and industry standards
  • Lead local security teams embedded across IT, OT, engineering, and operations
  • Ensure effective delivery of security operations and monitoring, incident response and crisis management, vulnerability and patch management (IT & OT), identity, access, and privileged access controls
  • Personally support major cyber incidents and regulatory escalations, working with internal and external stakeholders
  • Provide guidance and oversight to security analysts, engineers, and other staff managing security incidents, vulnerabilities, and threats
  • Act as the senior security contact for regulators (e.g., Ofgem, NCSC), government bodies, critical suppliers, and industry partners as it pertains to NGED
  • Own security assurance activities including audits, assessments, and regulatory submissions
  • Lead localised incident response and recovery efforts and support global efforts in the event of a security breach or cyber attack, working with internal and external stakeholders to contain and mitigate impact
  • Develop security leaders who understand both technology and operational reality
  • Challenge unsafe behaviours and poor risk decisions - calmly, clearly, and with evidence
  • Foster a culture of security awareness and responsibility among employees, contractors, and partners, providing training and education as needed
  • Manage security budgets and resources, and ensure that security projects are delivered on time, within budget, and to the required quality standards

Requirements

Master's Degree in a relevant discipline, or an equivalent combination of education, training, and experience

  • Experience in strategic technology leadership, IT infrastructure, analytics, and outsourcing management
  • Excellent communication and interpersonal abilities, including articulating complex ideas and influencing in a matrix environment
  • Strong ability to guide IT financials and lead a diverse team with inclusive culture across geographical boundaries
  • Senior cyber security leadership experience in critical national infrastructure, utilities, energy, transport, or industrial environments
  • Proven experience securing OT and IT environments at scale
  • Deep understanding of operational risk, safety, and resilience
  • Experience operating within federated or matrixed organisations
  • Prior engagement with Ofgem, NCSC, or equivalent regulators

Benefits & conditions

Competitive Salary

  • Bonus: 20% On Target with a max award of 40%
  • Full Electric Company Car

Additional benefits: Flexible benefits such as a cycle scheme, share incentive plan, technology schemes

  • Generous pension scheme, double-matched up to 6% - for every £1 you contribute, the company adds £2
  • Ongoing career development and support to help you cover the cost of professional membership subscriptions, course fees, books, examination fees and time off for study leave - so long as it is relevant to your role
  • Access to apps such as digital GP service for round the clock access to GP video consultations and NHS repeat prescriptions, wellbeing app to support your health and fitness
  • Access to Work + Family Space, providing support and resources for work and family life, including paid emergency childcare and eldercare

About the company

At National Grid, our commitment to a cleaner, greener energy future is powered by the dedication and ingenuity of our people. Join our team as Chief Information Security Officer for our Electric Distribution Business Unit and be a part of something bigger - where your unique skills and passions can make a real difference. Together, we are superpowered.
