Cyber Risk Assessment Engineer
About us
At National Grid, we keep people connected and society moving. But it’s so much more than that. National Grid supplies us with the environment to make it happen. As we generate momentum in the energy transition for all, we don’t plan on leaving any of our customers in the dark.
National Grid is hiring a Cyber Risk Assessment Engineer. This position can be based at any of our main UK locations, such as Warwick, Bristol, Derby, Leeds, Newcastle and West Weymouth, with a hybrid/flexible working model.
Job Purpose
This role takes a lead in cyber asset management for Electricity Transmission (ET), ensuring cybersecurity risks are fully understood, assessed and effectively managed across our operational technology (OT) environments.
By contextualising how cyber threats and vulnerabilities manifest within ET’s substations and control systems, you’ll translate cyber risk into robust asset management policies and investment priorities. You’ll provide expert input to ensure emerging threats are anticipated, mitigation strategies are effective, and asset decisions support both regulatory compliance and long‑term network resilience. Working closely with engineering, projects and design teams, you’ll play a key role in strengthening ET’s cyber maturity and protecting the transmission network.
What you'll do
- Lead the development of ET’s vulnerability management processes for OT devices
- Capture, assess and manage cybersecurity vulnerabilities and deviations from target state using an agreed risk framework
- Develop cybersecurity policies and technical specifications that reduce risk, improve organisational cyber maturity and support compliance with NIS regulations
- Engage with project and design teams to ensure cybersecurity requirements for OT devices are understood and built into solutions
- Communicate current cybersecurity risks and vulnerabilities clearly through appropriate reporting and stakeholder engagement
- Support the development of engineering justifications and business cases for investment in additional cybersecurity controls
- Provide subject matter expertise on emerging cyber threats and ensure effective mitigations are implemented across the ET estate
About you
You’re an analytical and forward‑thinking professional with strong technical understanding of OT environments and how cybersecurity risks impact operational electricity networks. You’re confident influencing technical audiences, comfortable challenging established approaches, and motivated to help the business mature its cyber and asset management capability.
You’ll bring:
- Experience introducing changes to technical specifications, standards or policies
- The ability to clearly communicate complex and sensitive cyber risks verbally and in writing
- A proactive mindset, comfortable breaking new ground and supporting changes to how decisions are made
- Strong understanding of OT assets and systems used in Electricity Transmission substations, particularly protection and control systems
- Experience applying structured risk assessment processes and frameworks
- Knowledge of operational practices used to manage and support OT assets
- A detailed understanding of how cybersecurity risks manifest across networks, devices and systems
- Sound understanding of asset management principles, including lifecycle management, risk‑based decision making and asset data
- Familiarity with international cybersecurity standards such as IEC 62443 and IEC 62351
This role offers the opportunity to shape how cyber risk is embedded into asset management decisions and play a critical part in protecting the resilience and security of the Electricity Transmission network.
What you'll get
- Salary: £55,000–£68,000 per annum (dependent on experience).
- Discretionary annual bonus.
- Contributory pension — employer matches employee contributions up to 12% of salary.
- Flexible benefits including share incentive, salary‑sacrifice car and technology schemes, employee assistance and matched charity giving.
More Information
The closing date for this vacancy is 14th May. However, we encourage candidates to submit their applications as early as possible and not to wait until the published closing date. National Grid’s recruitment periods can and may vary. We reserve the right to remove this advert or close it to further applications at any point during the recruitment process.
DE & I statement:
At National Grid, we work towards the highest standards in everything we do, including how we support, value, and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation and welcome and encourage applicants with diverse experiences and backgrounds, offering flexible and tailored support, at home and in the office.
Our goal is to drive, develop, and operate our business in a way that results in a more inclusive culture. All employment is decided on the basis of qualifications, the innovation from diverse teams & perspectives, and business need. We are committed to building a workforce that can represent the communities we serve and have a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.
Please note that in most cases, National Grid is unable to offer sponsorship for employment under the UK points-based immigration system. As such, applicants must have the legal right to work in the UK without requiring sponsorship now or in the future under the UK points-based immigration system. However, in exceptional circumstances where there is a clear and demonstrable need for specialist skills that cannot be sourced from the local labour market, National Grid may consider offering sponsorship. All applications are welcome from candidates who meet these requirements, regardless of race, nationality, or ethnic origin.