Director, Data Security Architecture
(relevant for internal applicants only): 12
The Team:
The Security Architecture team is responsible for helping the business design and implement secure solutions in accordance with S&P Global policies and standards, as well as assessing information security risk across a number of different areas. We are a truly global team with members in North America, Europe, and Asia. Our goal is to ensure that security is done in a way that is pragmatic and helpful; we are not the team of "No" but of "How can we make this work".
The Impact:
This role will be responsible for building out an effective Data Security program (including DLP) for S&P Global as well as improving the current data security posture. It is critical to helping S&P Global ensure that our data is used in a manner that is secure across all aspects of the business for the 21st century. The role will be shaping how S&P Global secures and uses all of its data.
What's in it for you:
- Ability to build a data security program for a global organization from the ground up
- Work with a diverse and highly experienced team of individuals
- Have a real impact of a kind that generally does not exist in an organization of this size
S&P Global states that the anticipated base salary range for this position is $100,800 to $230,200. Base salary ranges may vary by geographic location.
In addition to base compensation, this role is eligible for an annual incentive plan.
This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires.
Responsibilities:
- Partner, coach and collaborate with IT, engineering, development and business teams about data security.
- Work closely with operational risk, compliance, legal and audit teams.
- Research, validate and deploy solutions meeting security and business needs in order to ensure data security.
- Formally develop standards, policies, procedures and processes for the identification, classification, handling, and governance of data.
- Develop and evolve existing DLP programs to address new security threats while meeting business needs.
- Possess a DevOps focus across technology and security architecture, automation, integration and distribution.
- Drive security efficiencies, enabling security team members to work on more advanced tasks.
- At least 5 to 8+ years' experience in cybersecurity, including compliance and risk management with a background in data or information handling.
- A proven deep background (preferred 5+ years in addition to cybersecurity) in technology design, implementation and delivery.
- Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.
- Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls.
- Excellence in communicating business risk from cybersecurity issues.
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Experience architecting security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
S&P Global Corporate
- Experience with Amazon Web Services (AWS) or Microsoft Azure.
- DevOps background with experience in compliance obligations.
- Experience with one or more of the following: ISO 27001, NIST, Sarbanes-Oxley Act (SOX), the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards, or Service Organization Controls (SOC) 2.
- Working knowledge of Windows, Linux and Unix.
- Familiarity with federal, state and international privacy laws
- CISSP; CISM and/or SANS certification a plus
At S&P Global, we don't give you intelligence - we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com.
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)
Job ID: 261191
Posted On:
New York, New York, United States