The Head of Divisional Security & Deputy CISO position requires a working knowledge of information security technologies and experience in a large organization. The Head of Divisional Security & Deputy CISO will proactively work with the CISO and business units to help implement practices that meet defined policies and standards for information security. Additionally, will be responsible for overseeing the Application Security function to ensure that security tools and standards are integrated into the development lifecycle. Managing the Business Unit Information Security program to build and execute Divisional cyber strategy, training, processes, and fundamentals to increase and mature the cyber risk posture. Supporting the business to ensure that Information security risks are understood as part of any Merger and Acquisition activity.
The Head of Divisional Security & Deputy CISO will be expected to understand and help resolve assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information. Understanding the acceptable levels of information security risk in the organization will be key.
The Head of Divisional Security & Deputy CISO must be knowledgeable about the broader business environment and help ensure that information systems are maintained in a fully functional, secure mode.
Specific Responsibilities Include:
Monitor and make recommendations to improve the enterprise information security risk management program, facilitating information security governance topics and status
Help achieve business goals by prioritizing data, application/product security and coordinating the evaluation, and deployment of current and future security technologies.
Monitor and make recommendations to improve a strategic, comprehensive enterprise wide cyber and information security program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Help with the enforcement of security policies and procedures based on industry-standard best practices.
Build strong relationships with stakeholders across the enterprise in order to enhance appropriate security controls to protect the enterprise and product, making sure data security remains a top priority.
Help assess and deploy emerging technologies that enable the firm to better manage and monitor the security posture.
Partner closely with business stakeholders, especially technology and risk, to ensure that all applications and platforms are developed with security in mind and that appropriate security controls have been implemented.
Support S&P Global's move to the cloud by advising and monitoring security controls to support its advancement.
Work cross functionally to evaluate and prepare the security function for current and future acquisitions, mergers, and new business ventures.
Work to help integrate security functions with IHS Markit if the merger is approved.
Building and implementing strategy, working with external stakeholders, including customers, vendors and regulators regarding assurance and diligence reviews.
Work closely with Digital Technology Services and other technology teams in the divisions to help secure information, computer, network, and processing systems.
Lead a small team of InfoSec professionals
Coach and mentor the more junior teams to ensure their continued success.
Qualifications & Experience:
10+ years' experience within the information security domain.
Clear understanding of the evolving needs within the cybersecurity function and strong relationships with the vendor and security community.
Effective and comfortable working with various stakeholders without full accountability or reporting.
Experience integrating mergers and acquisitions preferred.
Highly technical, confident at the operational management level.
Experience with highly sensitive data and maintaining its security as a top priority; understanding big data and technology at scale.
Understanding of public and private cloud, security tools to monitor and support cloud adoption, and the latest tools and methodologies as it relates to cloud migration.
Strong quantitative and analytical abilities.
Excellent written and verbal communication skills.
Strong leader, team player, contributor, and collaborator.
Comfortable dealing with ambiguity and conflicting priorities.
Self-motivated and self-directed.
Prior experience in a regulated environment preferred but not required.
Proponent of continuous improvement process and the ability to challenge the status quo.
Embody a collaborative and consensus-driven approach to decision making.
Forward thinking; ability to think outside the box to anticipate potential new threats and remain creative in solutions delivery.
Ability to anticipate the unknown, willingness to see past the present and continually innovate and create new ways to remain at the forefront of security.
Have a willingness to learn new skills and technologies.
Mission driven or comfortable in a very mission-oriented organization.
Commercial/practical approach to decision making.
S&P Global states that the anticipated base salary range for this position is $148,200 to $338,600. Base salary ranges may vary by geographic location.
In addition to base compensation, this role is eligible for an annual incentive plan.
At S&P Global, we don't give you intelligence--we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com .
S&P Global has a Securities Disclosure and Trading Policy ("the Policy") that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy.
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.