Senior Lead, Application Security

26 Nov 2024
Wyoming, Cheyenne, 82001 Cheyenne USA

Vacancy expired!

Sr. Lead, Application Security



The Team:

Part of the Ratings Technology group and reporting to the Business Information Security Officer (BISO) who is responsible for driving security strategy across the Ratings division. The team instills values of enablement, accountability, and shared responsibility throughout the division. The division is global, with members in the USA, Singapore, Europe, and India.



The Impact:

The Senior Lead, Application Security will be a lead resource building and expanding our security champions program across the Ratings Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with security champions leaders in other divisions and the corporate Information Security team to build a community of champions that share information and work collaboratively on common application security challenges.



Compensation/Benefits Information:

S&P Global states that the anticipated base salary range for this position is $125,000 - $165,000. Base salary ranges may vary by geographic location.



This role is eligible to receive S&P Global benefits.



For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires.



What’s in it for you:

The role engages with a broad range of technologists and business professionals, allowing you to develop experience with emerging cloud-native technology and credit ratings business flows.


As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm.


This role will provide the ability to demonstrate leadership in both the security and developer communities as you’ll be helping shape the security champions program from the ground up.


Responsibilities:

Part of the BISO organization which is responsible for directing the division security strategy and building a security-minded culture. The position will be responsible for developing, implementing, and expanding a security champions program that embeds security-minded engineers within the software development, architecture, and operational teams.


Build an Application Security champions program by working with the scrum teams to define an effective strategy for engaging software developers interested in serving as Application security subject matter experts


Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle


Drive behavioral change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams


Identify and collaborate with security champions to broaden the security reach within the scrum teams.


Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to reach a diverse audience of resources


Assist in aligning the security champions program with the division’s greatest risks and regulatory compliance requirements


Assist the BISO with continuous refinement and implementation of the division’s cyber security strategy by providing feedback gathered from the engineering teams via the security champions


Produce periodic, high-quality reports illustrating program status, areas for improvement and success attributes aligning to the business


Remain current with new security threats and DevSecOps best practices


Demonstrate security expertise both within the firm and in the industry at large


Perform other duties as assigned



What We’re Looking For:

Skills and Experience


Demonstrated skill in application security and/or software development with a focus on secure design and coding practices


Exhibit detailed understanding of security threats especially within a cloud-native environment


Proven capability to advocate for security best practices in terms of business value and enablement


Established experience successfully leading large-scale projects across global functions


Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure


Strong project management and personal organizational skills


Ability to work in a constantly changing environment under tight deadlines


Ability to work independently


Excellent interpersonal skills



Basic Qualifications:

3-5 years' experience in application security and/or software development roles


1-3 years in a leadership position (team lead, manager, etc.)


Strong communication skills



Preferred Qualifications:

Experience working in a highly regulated business environment


Experience with Amazon Web Services (AWS) or Microsoft Azure.


Experience conducting application security assessments, threat modeling, or secure code reviews


Working knowledge of OWASP Top 10, OWASP SAMM, or BSIMM


Working knowledge of Windows, Linux, and Unix


Working knowledge of CI/CD tools and cloud-native development practices


Highly trustworthy; leads by example


CISM, CSSLP, Security+ or other industry certification a plus



S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.



If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.



The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.



20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group), SWP Priority – Ratings - (Strategic Workforce Planning)



Job ID: 265528


Posted On: 2021-11-22


Location: Virtual, New York, United States
