  • ID
    #23813267
  • Salary
    $125,000 - $165,000 a year
  • Source
    S&P Global
  • Date
    2021-11-22
  • Deadline
    2022-01-21
 
Full-time

Vacancy expired!

Sr. Lead, Application Security

The Team:

Part of the Ratings Technology group and reporting to the Business Information Security Officer (BISO) who is responsible for driving security strategy across the Ratings division. The team instills values of enablement, accountability, and shared responsibility throughout the division. The division is global, with members in the USA, Singapore, Europe, and India.

The Impact:

The Senior Lead, Application Security will be a lead resource building and expanding our security champions program across the Ratings Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with security champions leaders in other divisions and the corporate Information Security team to build a community of champions that share information and work collaboratively on common application security challenges.

Compensation/Benefits Information:

S&P Global states that the anticipated base salary range for this position is $125,000 - $165,000. Base salary ranges may vary by geographic location.

This role is eligible to receive S&P Global benefits.

For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires .

What’s in it for you:

The role engages with a broad range of technologists and business professionals, allowing you to develop experience with emerging cloud-native technology and credit ratings business flows.

As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm.

This role will provide the ability to demonstrate leadership in both the security and developer communities as you’ll be helping shape the security champions program from the ground up.

Responsibilities: Part of the BISO organization which is responsible for directing the division security strategy and building a security-minded culture. The position will be responsible for developing, implementing, and expanding a security champions program that embeds security-minded engineers within the software development, architecture, and operational teams.

Build an Application Security champions program by working with the scrum teams to define an effective strategy for engaging software developers interested in serving as Application security subject matter experts

Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle

Drive behavioral change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams

Identify and collaborate with security champions to broaden the security reach within the scrum teams.

Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to reach a diverse audience of resources

Assist in aligning the security champions program with the division’s greatest risks and regulatory compliance requirements

Assist the BISO with continuous refinement and implementation of the division’s cyber security strategy by providing feedback gathered from the engineering teams via the security champions

Produce periodic, high-quality reports illustrating program status, areas for improvement and success attributes aligning to the business

Remain current with new security threats and DevSecOps best practices

Demonstrate security expertise both within the firm and in the industry at large

Perform other duties as assigned

What We’re Looking For:

Skills and Experience

Demonstrated skill in application security and/or software development with a focus on secure design and coding practices

Exhibit detailed understanding of security threats especially within a cloud-native environment

Proven capability to advocate for security best practices in terms of business value and enablement

Established experience successfully leading large-scale projects across global functions

Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure

Strong project management and personal organizational skills

Ability to work in a constantly changing environment under tight deadlines

Ability to work independently

Excellent interpersonal skills

Basic Qualifications:

3-5 years' experience in application security and/or software development roles

1-3 years in a leadership position (team lead, manager, etc.)

Strong communication skills

Preferred Qualifications:

Experience working in a highly regulated business environment

Experience with Amazon Web Services (AWS) or Microsoft Azure.

Experience conducting application security assessments, threat modeling, or secure code reviews

Working knowledge of OWASP Top 10, OWASP SAMM, or BSIMM

Working knowledge of Windows, Linux, and Unix

Working knowledge of CI/CD tools and cloud-native development practices

Highly trustworthy; leads by example

CISM, CSSLP, Security+ or other industry certification a plus

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group), SWP Priority – Ratings - (Strategic Workforce Planning)

Job ID: 265528

Posted On: 2021-11-22

Location: Virtual, New York, United States
