Chief Information Security Officer - NGED in England

At National Grid, our commitment to a cleaner, greener energy future is powered by the dedication and ingenuity of our people. Join our team as Chief Information Security Officer for our Electric Distribution Business Unit and be a part of something bigger-where your unique skills and passions can make a real difference. Together, we are superpowered.

This position can be based in Warwick, Plymouth, Bristol or London. This role is designated as hybrid, with an expectation of a few days per month in the office. Requirements may vary based on business needs and company policy.

As Business Unit Chief Information Security Officer (BU CISO) for NG Electric Distribution (NGED), you will be responsible for overseeing the development, implementation, and management of the organization’s information security program, ensuring alignment to the Group Cyber Security strategy, policy, and shared service capabilities.

You will work closely with other business and IT executives to identify, evaluate, and mitigate information security risks to the organization, its assets, and its customers. You will also be responsible for ensuring compliance with applicable laws, regulations, and industry standards. Operating within a federated group security model, you will balance local operational accountability with global security strategy, standards, and shared services.

You will report directly to the Group CISO and act as the senior security leader for the National Grid Electricity Distribution business. The role will matrix to and act as an extended member of the NGED Chief Information and Digital Officer’s leadership team.

What you’ll do:

• Own cyber security outcomes for NGED operations, including OT, SCADA, control systems, field assets, and supporting IT platforms.
• Ensure all NGED Programs have embedded Security representation and are ‘Secure by Design’.
• Ensure cyber security enables safe, reliable, and continuous electricity supply, not just compliance.
• Lead preparedness for high-impact, low-frequency events (e.g., nation-state activity, systemic failures, prolonged outages).
• In conjunction with Group Security, lead and manage within NGED the development and implementation of cyber security strategies, policies, procedures, and controls to protect company assets, intellectual property, and customer information.
• Establish and maintain a risk-based security posture aligned to NIST, CIS, NIS, CAF, IEC 62443 (where applicable).
• Translate technical risk into clear, decision-grade insight for executives and boards.
• Conduct regular security assessments and audits to identify gaps and vulnerabilities, and develop and execute remediation plans.
• Act as the security authority for the distribution business within the group federated model.
• Implement and operate global security policies, standards, and shared services, adapting where operational risk requires.
• Influence group strategy through real-world operational insight.
• Escalate and challenge constructively to ensure controls adequately address critical infrastructure risk.
• Collaborate with business leaders and stakeholders to identify and mitigate cyber security risks and threats, ensuring compliance with regulatory requirements and industry standards.
• Lead local security teams embedded across IT, OT, engineering, and operations.
• Ensure effective delivery of security operations and monitoring, incident response and crisis management, vulnerability and patch management (IT & OT), identity, access, and privileged access controls.
• Personally support major cyber incidents and regulatory escalations, working with internal and external stakeholders.
• Provide guidance and oversight to security analysts, engineers, and other staff managing security incidents, vulnerabilities, and threats.
• Act as the senior security contact for regulators (e.g., Ofgem, NCSC), government bodies, critical suppliers, and industry partners as it pertains to NGED.
• Own security assurance activities including audits, assessments, and regulatory submissions.
• Lead localised incident response and recovery efforts and support global efforts in the event of a security breach or cyber attack, working with internal and external stakeholders to contain and mitigate impact.
• Develop security leaders who understand both technology and operational reality.
• Challenge unsafe behaviours and poor risk decisions-calmly, clearly, and with evidence.
• Foster a culture of security awareness and responsibility among employees, contractors, and partners, providing training and education as needed.
• Manage security budgets and resources, and ensure that security projects are delivered on time, within budget, and to the required quality standards.

About you:

• Master's Degree in a relevant discipline, or an equivalent combination of education, training, and experience.
• Experience in strategic technology leadership, IT infrastructure, analytics, and outsourcing management.
• Excellent communication and interpersonal abilities, including articulating complex ideas and influencing in a matrix environment.
• Strong ability to guide IT financials and lead a diverse team with inclusive culture across geographical boundaries.
• Senior cyber security leadership experience in critical national infrastructure, utilities, energy, transport, or industrial environments.
• Proven experience securing OT and IT environments at scale.
• Deep understanding of operational risk, safety, and resilience.
• Experience operating within federated or matrixed organisations.
• Prior engagement with Ofgem, NCSC, or equivalent regulators.

What you’ll get:

• Competitive Salary
• Bonus: 20% On Target with a max award of 40%
• Full Electric Company Car

Additional benefits:

• Flexible benefits such as a cycle scheme, share incentive plan, technology schemes.
• Generous pension scheme, double-matched up to 6% - for every £1 you contribute, the company adds £2.
• Ongoing career development and support to help you cover the cost of professional membership subscriptions, course fees, books, examination fees and time off for study leave - so long as it is relevant to your role.
• Access to apps such as digital GP service for round the clock access to GP video consultations and NHS repeat prescriptions, wellbeing app to support your health and fitness.
• Access to Work + Family Space, providing support and resources for work and family life, including paid emergency childcare and eldercare.

The closing date for this vacancy is 20th February. However, we encourage candidates to submit their applications as early as possible and not to wait until the published closing date. National Grid’s recruitment periods can and may vary. We reserve the right to remove this advert or close it to further applications at any point during the recruitment process.

Please note that in most cases, National Grid is unable to offer sponsorship for employment under the UK points-based immigration system. As such, applicants must have the legal right to work in the UK without requiring sponsorship now or in the future under the UK points-based immigration system. However, in exceptional circumstances where there is a clear and demonstrable need for specialist skills that cannot be sourced from the local labour market, National Grid may consider offering sponsorship. All applications are welcome from candidates who meet these requirements, regardless of race, nationality, or ethnic origin.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.