Job Description

We are looking for a pro-active and forward thinking Director of Information Security that is well versed in information security management principles and comes from a technical hands on background and can manage multiple parallel projects. This is a leadership position within the S&P Commodity Insights business unit focusing on establishing best practices and driving security practices within the business unit. The Director will work across the Commodity Insights technology business unit and become intimately familiar with access controls, certificate management, infrastructure hardening, SDLC, security monitoring and all security practices. This position will also interface with the S&P Global\'s corporate information security group. The Director will help to formulate, define, and implement security procedures that are necessary to ensure the safety of information system assets, protecting them from intentional or inadvertent access or destruction. Will interface with peers in the Information Technology Department and business unit managers to understand their privacy and security needs and will implement procedures and solutions to accommodate those requirements consistent with industry standards, statutory guidelines and regulations. Performs any functions, within scope of authority and expertise, to provide the highest level of service and responsiveness to customers and co-workers. Responsibilities: Develop and implement global security policies, standards and procedures with an emphases on SDLC, application security and network/server risk management Own all security risk items and remediation Work with software development team and provide detailed instructions on which security vulnerabilities needs to be mitigated Conduct periodic security audits to monitor compliance with objectives Recommend security improvements by assessing currents needs, evaluating trends and anticipating future requirements Investigate security breaches and insure compliance with applicable reporting directives. Provide on-going communication with senior management during the investigation Coordinate information security training for employees and other third parties as required Develop and conduct security awareness programs for all users Coordinate information technology risk assessments and issue report of findings including recommendations for corrective actions Coordinate with third party security vendors the design and execution of vulnerability assessments, penetration tests and security audits Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks or threats Qualifications: Experience with security management, access controls, auditing and monitoring, network security, cloud security, application security, PKI and cryptography, security models, BCP, DR and incident management CISSP is a MUST no exception (non-expired) Prior experience as a software engineer or systems/network engineer OWASP Membership is preferred Prior experience working for a software company Prior experience with PII Bachelor\'s degree, preferably in Computer Sciences or Technology Preferably at least 8+ years of security experience At S&P Global Platts, we provide the insights you make better informed trading and business decisions with confidence. We\'re the leading independent provider of information and benchmark prices for the commodities and energy markets. Customers in over 150 countries look to our expertise in news, pricing and analytics to deliver greater transparency and efficiency to markets. S&P Global Platts coverage includes oil and gas, power, petrochemicals, metals, agriculture and shipping. S&P Global Platts is a division of S&P Global (NYSE: SPGI), which provides essential intelligence for individuals, companies and governments to make decisions with confidence. For more information, visit . S&P Global has a Securities Disclosure and Trading Policy (\'the Policy\') that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy\'s requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster describes discrimination protections under federal law. 103 - Middle Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH103.2 - Middle Management Tier II (EEO Job Group)

foundit