About the Role:
Grade Level (for internal use): 14
We are looking for a proactive and forward-thinking Business Information Security Officer who is well versed in information security management principles, comes from a technical, hands-on background, and can manage multiple parallel projects. This is a leadership position within the S&P Enterprise Data Organization (EDO) focusing on establishing best practices and driving security practices within the business unit.
As the Business Information Security Officer, you will be the Cyber Security & Assurance primary point of contact for the division, responsible for the development, communication, compliance and governance of the divisional security strategy, roadmap and policies that are in alignment with the organization’s overall security objectives.
Responsibilities:
Design, implement, and maintain global security policies, standards, and procedures focused on protecting data across all environments, ensuring alignment with business and IT priorities.
Ensure the divisional security strategy aligns with broader organizational goals, particularly data privacy and protection regulations (e.g., GDPR, CCPA).
Own and manage all data-related security risks, performing risk assessments specific to data storage, processing, and transfer.
Identify, assess, and prioritize data security vulnerabilities, ensuring effective remediation plans are in place and executed.
Conduct periodic audits of data security controls to ensure compliance with internal policies and external regulations.
Ensure adherence to data protection laws and implement robust measures for data privacy, security, and retention.
Work closely with software development teams to ensure secure data handling throughout the software development lifecycle (SDLC), embedding security in data processing systems and applications.
Ensure that data security requirements are incorporated into all phases of technology systems, from design through deployment.
Lead investigations into data security breaches, ensuring proper reporting and communication with senior management during incidents.
Work with the Cyber Incident Response Team (CIRT) to address and mitigate cybersecurity incidents, ensuring appropriate remediation of data breaches.
Develop and deliver targeted security training programs for employees, contractors, and third parties on best practices for data protection.
Implement ongoing data security awareness initiatives, ensuring all stakeholders understand the importance of safeguarding organizational data.
Coordinate with third-party security vendors to conduct vulnerability assessments, penetration tests, and security audits focused on data protection.
Stay current on emerging data security trends, threats, and technologies, recommending updates to security measures as needed.
Establish and maintain a strong data security posture, continuously monitoring the effectiveness of controls and processes.
Represent EDO security to external stakeholders.
Regularly evaluate the organization’s data security safeguards, ensuring they provide robust protection against evolving threats and data-related risks.
Qualifications & Experience:
Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field (master’s preferred).
CISSP (Certified Information Systems Security Professional) is a MUST (non-expired).
OWASP Membership and CRISC (Certified in Risk and Information Systems Control) preferred.
8-10+ years of experience in security-focused roles, particularly in technology-heavy industries (e.g., Software, Financial Services).
Prior experience as a software engineer or systems/network engineer.
Proven track record of securing cloud-based services, ensuring scalability, performance, and reliability.
Experience with PII (Personally Identifiable Information) and security compliance regulations.
Expertise in a wide range of security domains: access controls, network security, cloud security, PKI and cryptography, application security, security models, and incident management.
Experience in cloud computing architectures, common open-source technologies (e.g., Kafka, Spark, Hadoop), and web application development (e.g., Java, PHP, Python).
Strong understanding of NIST security controls frameworks, risk assessment, and risk management.
Experience in secure software design, security testing, and vulnerability remediation.
Familiarity with service control frameworks such as SOC 1 and 2.
Knowledge of threat modeling and risk management practices.
Solid experience in security engineering, system and network security, authentication, cryptographic protocols, and application security.
Strong ability to design secure architectures and review security in development processes.
Familiarity with common security testing tools, vulnerability scanners, and security code reviews.
Strong project management skills with experience leading cross-functional teams in large, complex security projects.
Demonstrated ability to mentor and lead security engineers and managers, fostering a culture of high morale and agility.
Experience with the usage of AI in the enterprise, and the risk around it, is a definite bonus.
Compensation/Benefits Information: (This section is only applicable to US candidates)
S&P Global states that the anticipated base salary range for this position is $152,600 to $285,000. Final base salary for this role will be based on the individual’s geographic location, as well as experience level, skill set, training, licenses and certifications. In addition to base compensation, this role is eligible for an annual incentive plan. This role is eligible to receive additional S&P Global benefits.
What’s In It For You?
Our Purpose:
Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world.
Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.
Our People:
We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.
From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it, we are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference.
Our Values:
Integrity, Discovery, Partnership
At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.
Benefits:
We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.
Our benefits include:
Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries
Diversity, Equity, and Inclusion at S&P Global:
At S&P Global, we believe diversity fuels creative insights, equity unlocks opportunity, and inclusion drives growth and innovation – Powering Global Markets. Our commitment centers on our global workforce, ensuring that our people are empowered to bring their whole selves to work. It doesn’t stop there: we strive to better reflect and serve the communities in which we live and work, and advocate for greater opportunity for all.
-----------------------------------------------------------
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
-----------------------------------------------------------
102 - Senior Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH102 - Senior Management (EEO Job Group)
Job ID: 309972
Posted On: 2024-12-16
Location: New York, New York, United States