Director, Data Security Architecture Director, Data Security Architecture …

S&P Global
in New York, NY
Permanent, Full time
Be the first to apply
S&P Global
in New York, NY
Permanent, Full time
Be the first to apply
Director, Data Security Architecture
Grade ( relevant for internal applicants only ): 12

The Team: The Security Architecture team is responsible for helping the business design and implement secure solutions in accordance to S&P Global policies and standards as well as assessing information security risk across a number of different areas. We are a truly global with members in North America, Europe, and Asia. Our goal is to ensure that security is done in a way that is pragmatic and helpful, we are not the team of "No" but of "How can we make this work".

The Impact: This role will be responsible for building out an effective Data Security program (including DLP) for S&P Global as well as improving the current data security posture. It is critical to helping S&P Global ensure that our data is used in a manner that is secure across all aspects of the business for the 21st century. The role will be shaping how S&P Global secures and uses all of its data.

What's in it for you:
  • Ability to build a data security program for a global organization from the ground up
  • Work with a diverse and highly experience team of individuals
  • One can have a real impact in a large organization that generally does not exist in an organization of this size
S&P Global states that the anticipated base salary range for this position is to $ 100,800-230,200. Base salary ranges may vary by geographic location.
In addition to base compensation, this role is eligible for an annual incentive plan.
This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, visit .

  • Partner, coach and collaborate with IT, engineering, development and business teams about data security.
  • Work closely with operational risk, compliance, legal and audit teams.
  • Research, validate and deploy solutions meeting security and business needs in order to ensure data security.
  • Formally develop standards, policies, procedures and processes for the identification, classification, handling, and governance of data.
  • Develop and evolve existing DLP programs to address new security threats while meeting business needs.
  • Possess a DevOps focus across technology and security architecture, automation, integration and distribution.
  • Drive security efficiencies, enabling security team members to work on more advanced tasks.
Basic Qualifications:
  • At least 5 to 8+ years' experience in cybersecurity, including compliance and risk management with a background in data or information handling.
  • A proven deep background (preferred 5+ years in addition to cybersecurity) in technology design, implementation and delivery.
  • Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls.
  • Excellence in communicating business risk from cybersecurity issues.
  • Experience driving measurable improvement in monitoring and response capabilities at scale.
  • Experience architecting security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Preferred Qualifications:
  • Experience with Amazon Web Services (AWS) or Microsoft Azure.
  • Proficient with scripting in Python, JavaScript, or PowerShell.
  • DevOps background with experience in compliance obligations.
  • Experience with one or more of the following: ISO 27001, NIST, Sarbanes-Oxley Act (SOX), the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards, or Service Organization Controls (SOC) 2.
  • Working knowledge of Windows, Linux and Unix.
  • Familiarity with federal, state and international privacy laws
  • CISSP; CISM and/or SANS certification a plus
S&P Global Corporate

At S&P Global, we don't give you intelligence-we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person.

The EEO is the Law Poster describes discrimination protections under federal law.

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)

Job ID: 261191
Posted On: 2021-05-11
Location: New York, New York, United States
S&P Global logo
More Jobs Like This
See more jobs