Chief Information Security Officer - NGED

About us

At National Grid, our commitment to a cleaner, greener energy future is powered by the dedication and ingenuity of our people. Join our team as Chief Information Security Officer for our Electric Distribution Business Unit and be a part of something bigger-where your unique skills and passions can make a real difference. Together, we are superpowered.

National Grid is hiring a Chief Information Security Officer - NGED on a permanent basis. This position can be based in Warwick, Plymouth, Bristol or London. This role is designated as hybrid, with an expectation of a few days per month in the office. Requirements may vary based on business needs and company policy.

As Business Unit Chief Information Security Officer (BU CISO) for NG Electric Distribution (NGED), you ll be responsible for overseeing the development, implementation, and management of the organization s information security program, ensuring alignment to the Group Cyber Security strategy, policy, and share service capabilities.

You ll work closely with other business and IT executives to identify, evaluate, and mitigate information security risks to the organization, its assets, and its customers.

You ll also be responsible for ensuring compliance with applicable laws, regulations, and industry standards. Operating within a federated group security model, you ll balance local operational accountability with global security strategy, standards, and shared services.

You ll report directly to the Group CISO and act as the senior security leader for the National Grid Electricity Distribution business. The role will matrix to and act as an extended member of the NGED Chief Information and Digital Officer s leadership team.

• Own cyber security outcomes for NGED operations, including OT, SCADA, control systems, field assets, and supporting IT platforms.
• Ensure all NGED Programs have embedded Security representation and are Secure by Design.
• Ensure cyber security enables safe, reliable, and continuous electricity supply, not just compliance.
• Lead preparedness for high-impact, low-frequency events (e.g., nation-state activity, systemic failures, prolonged outages).
• In conjunction with Group Security, lead and manage within NGED the development and implementation of cyber security strategies, policies, procedures, and controls to protect company assets, intellectual property, and customer information.
• Establish and maintain a risk-based security posture aligned to NIST, CIS, NIS, CAF, IEC 62443 (where applicable).
• Translate technical risk into clear, decision-grade insight for executives and boards.
• Conduct regular security assessments and audits to identify gaps and vulnerabilities, and develop and execute remediation plans.
• Act as the security authority for the distribution business within the group federated model.
• Implement and operate global security policies, standards, and shared services, adapting where operational risk requires.
• Influence group strategy through real-world operational insight.
• Escalate and challenge constructively to ensure controls adequately address critical infrastructure risk.
• Collaborate with business leaders and stakeholders to identify and mitigate cyber security risks and threats, ensuring compliance with regulatory requirements and industry standards.
• Lead local security teams embedded across IT, OT, engineering, and operations.
• Ensure effective delivery of security operations and monitoring, incident response and crisis management, vulnerability and patch management (IT & OT), identity, access, and privileged access controls.
• Personally support major cyber incidents and regulatory escalations, working with internal and external stakeholders.
• Provide guidance and oversight to security analysts, engineers, and other staff managing security incidents, vulnerabilities, and threats.
• Act as the senior security contact for regulators (e.g., Ofgem, NCSC), government bodies, critical suppliers, and industry partners as it pertains to NGED.
• Own security assurance activities including audits, assessments, and regulatory submissions.
• Lead localised incident response and recovery efforts and support global efforts in the event of a security breach or cyber attack, working with internal and external stakeholders to contain and mitigate impact
• Develop security leaders who understand both technology and operational reality
• Challenge unsafe behaviours and poor risk decisions-calmly, clearly, and with evidence
• Foster a culture of security awareness and responsibility among employees, contractors, and partners, providing training and education as needed
• Manage security budgets and resources, and ensure that security projects are delivered on time, within budget, and to the required quality standards.

• Master s Degree in a relevant discipline, or an equivalent combination of education, training, and experience.
• Experience in strategic technology leadership, IT infrastructure, analytics, and outsourcing management.
• Excellent…