Senior Lead, Application Security
Sr. Lead, Application Security The Team:
Part of the Ratings Technology group and reporting to the Business Information Security Officer (BISO) who is responsible for driving security strategy across the Ratings division. The team instills values of enablement, accountability, and shared responsibility throughout the division. The division is global, with members in the USA, Singapore, Europe, and India. The Impact:
The Senior Lead, Application Security will be a lead resource building and expanding our security champions program across the Ratings Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with security champions leaders in other divisions and the corporate Information Security team build a community of champions that share information and work collaboratively on common application security challenges. Compensation/Benefits Information:
S&P Global states that the anticipated base salary range for this position is $125,000 - $165,000. Base salary ranges may vary by geographic location.
This role is eligible to receive S&P Global benefits.
For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires . What's in it for you:
What We're Looking For:
- The role engages with a broad range of technologists and business professionals allowing you to develop a experience with emerging cloud-native technology and credit ratings business flows
- As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm.
- This role will provide the ability to demonstrate leadership in both the security and developer communities as you'll be helping shape the security champions program from the ground up.
Responsibilities: Part of the BISO organization which is responsible for directing the division security strategy and building a security-minded culture. The position will be responsible for developing, implementing, and expanding a security champions program that embeds security-minded engineers within the software development, architecture, and operational teams.
- Build an Application Security champions program by working with the scrum teams to define an effective strategy for engaging software developers interested in serving as Application security subject matter experts
- Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle
- Drive behavioral change and inspire a security culture through advocacy and awareness compaigns targeting the engineering teams
- Identify and collaborate with security champions to broaden the security reach within the scrum teams.
- Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to reach a diverse audience of resources
- Assist in aligning the security champions program with the division's greatest risks and regulatory compliance requirements
- Assist the BISO with continuous refinement and implementation of the division's cyber security strategy by providing feedback gathered from the engineering teams via the security champions
- Produce periodic, high-quality reports illustrating program status, areas for improvement and success attributes aligning to the business
- Remain current with new security threats and DevSecOps best practices
- Demonstrate security expertise both within the firm and in the industry at large
- Perform other duties as assigned
Skills and Experience
- Demonstrated skill in application security and/or software development with a focus on secure design and coding practices
- Exhibit detailed understanding of security threats especially within a cloud-native environment
Proven capability to advocate for security best practices in terms of business value and enablement
- Established experience successfully leading large-scale projects across global functions
Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure
- Strong project management and personal organizational skills
- Ability to work in a constantly changing environment under tight deadlines
- Ability to work independently
- Excellent interpersonal skills
- 3-5 years experience in application security and/or software development roles
- 1-3 years in a leadership position (team lead, manager, etc.)
- Strong Communication skills
- Experience working in a highly regulated business environment
- Experience with Amazon Web Services (AWS) or Microsoft Azure.
- Experience conducting application security assessments, threat modeling, or secure code reviews
- Working knowledge of OWASP Top 10, OWASP SAMM, or BSIMM
- Working knowledge of Windows, Linux, and Unix
- Working knowledge of CI/CD tools and cloud-native development practices
- Highly trustworthy; leads by example
- CISM, CSSLP, Security+ or other industry certification a plus
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com
and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group), SWP Priority - Ratings - (Strategic Workforce Planning) Job ID:
265528 Posted On:
Virtual, New York, United States