US Cyber Security Incident Response Manager
Northborough - Massachusetts (MA),
NATIONAL GRID CO USA (NE POWER)
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.
The US Cyber Security Incident Response Manager will provide leadership and management of a cross-functional team at a Tactical Level for Cyber Security Incident Response, Threat hunting and resilience activities, ensuring cyber security attacks are detected and responded to effectively, and ensuring the lowest impact possible to National Grid Operations.
The CSIRT Manager is responsible for planning, directing and controlling the functions and operations of the 24/7 Cyber Security Operations Center (CSOC) in the US, in association with her/his UK equivalent.
The role will serve as the subject matter expert and primary escalation point in the area of US Cyber Security Incident Response, fulfilling a key role in delivering a cyber-resilience strategy for National Grid. The post holder will lead and have accountability for the management of the triage, containment, root cause analysis, tactical mitigation, operational residual risk assessment together with stakeholder reporting of time critical security incidents throughout the response and problem management lifecycles.
The role will also identify and define systemic underlying causes of impacting events and make recommendations for corrective actions and track their implementation.
Ensure flawless implementation of the incident resolution process, with transparent communication that drives very high levels of internal/external customer satisfaction.
Manage resources assigned to the incident and ensure the incident is receiving the proper support to drive resolution as quickly as possible.
Escalate, prioritize, communicate, and coordinate high severity incidents, ensuring adherence to the company's incident response process.
Represent Security as the initial single on-point contact for any confirmed or potential high severity incident and ensure interested parties and executives are alerted via an internal executive communication.
Ensure all agreed operational policies and procedures are adhered to, and champion the incident response process.
Drive the incident response process from detection through containment and eradication.
Lead the coordination with internal stakeholders through resolution of the incident, closely partnering and collaborating with Infrastructure, Engineering, Major Incident Management, Technical Support and Customer teams to ensure alignment across the business.
Lead cross-functional post-incident process reviews to ensure continuous improvement of operations and execution.
Contribute to the improvement of the incident response process based on lessons learned.
Direct the functions, processes, and operations of the SOC and ensure policies, procedures, and objectives align with industry best practices.
Monitor key performance indicators, determine gaps in performance metrics, and recommend/execute change management techniques for efficiency/quality improvements.
Analyze application functionality and new technologies to optimize effective/efficient incident review by staff and minimize client risk.
Conduct scheduled and ad hoc training exercises to ensure staff are current with the
Prior experience in a fast paced operational environment
Professional demeanor even in high stress situations
Ability to manage time and professional interactions well
Ability to deliver quality work products with aggressive deadlines while balancing multiple priorities
- Customer Focus
- Performance Excellence (Process Excellence)
- Regulatory Understanding
- Creates the Future
- Consistently delivers great performance
- Builds Relationships
- Develops self and Others
- 5+ years' experience in the Information Security field, including operational security monitoring or incident response experience.
- 3+ years managing, coordinating, and ensuring resolution of security issues.
- Deep experience leading and responding to complex critical incidents (security, availability, or customer experience incidents).
- Broad information security knowledge, including some familiarity with key regulations and standards relating to security incident response.
- Ability to manage and constantly triage multiple security incidents, differentiating urgent issues from the merely important.
- Ability to stand back from a complex problem, logically assess the facts, and formulate a plan of action - even in the worst of situations.
- Strong technical understanding of network fundamentals and common Internet protocols.
- Strong technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).
- 12 Security Operations and Incident Response Staff
- Major Incident Management
- Legal Functions
- I&O (Global IT)
- NCSC Incident Management
- Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.
- Excellent customer relations skills with experience working with teams across multiple time zones.
- Strong teamwork skills with the ability to build and grow relationships with incident response stakeholders.
- Executes with a high level of operational urgency
- Flexibility, integrity and creative problem-solving skills are a pre-requisite to be successful in this role.
- Experience performing analysis utilizing SIEM technologies
- Experience performing analysis utilizing IDS/AV consoles
- Strong understanding of networking and associated protocols
Relevant information security certifications, such as CISSP, SANS GCIA, SANS GCIH, SANS GCFA, SANS GNFA.
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.