Seeking a motivated and collaborative security leader to run our rapidly growing application security team and our secure development lifecycle program. The person in this role will also lead in building the application secure strategy, design, deployment, and operations of all of our systems. This role requires impeccable interpersonal skills as well as a deep and broad understanding of S&P’s overall business strategy, strategy for each division, overall architecture and products. The leader must be technical and collaborative with an ability to influence technology leaders to build security into the Software Development Lifecycle.
Create a relevant strategy and vision for application security to ensure the reduction of risk on the applications at S&P
Refine and drive widespread adoption of our secure development lifecycle process
Build partnerships with other development teams, be a source of expertise in security best practices
Recruit, mentor and grow your team of application security analysts
Develop and deliver engaging and memorable security trainings
Project manage all application security team initiatives and
Manage enterprise wide penetration tests
Provide detailed guidance and support to teams in application vulnerability remediation
Guide your team in selecting and implementing automated application scanning, static analysis and related tools
Perform threat modeling, architecture and source code reviews of S&P products
Provide application security guidance on cloud environments as well as non-cloud environments
Communicate relevant metrics and trends to the technology leadership team.
Ensure stakeholder satisfaction
Security leaders with deep empathy and a passion for helping others grow
Generalists who love learning new things and concocting creative security solutions for novel and risky functionality
5+ years of prior team lead or people management experience
7+ years of experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modeling
Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools
Experience with static code analysis tools (Fortify)
Experience with dynamic code analysis tools (WebInspect)
Deep understanding of common web application attacks
About S&P Global
At S&P Global, we don’t give you intelligence—we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include:
•S&P Global Ratings, which provides credit ratings, research and insights essential to driving growth and transparency.
•S&P Global Market Intelligence, which provides insights into companies, markets and data so that business and financial decisions can be made with conviction.
•S&P Dow Jones Indices, the world’s largest resource for iconic and innovative indices, which helps investors pinpoint global opportunities.
•S&P Global Platts, which equips customers to identify and seize opportunities in energy and commodities, stimulating business growth and market transparency.
For more information, visit www.spglobal.com
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.