Associate Director, Information Security, Application Security
US - NY - VIRTUAL
Grade Level (for internal use): 13
About the Role:
The Team:
The SPGI Market Intelligence InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is well protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle.
Responsibilities and Impact:
- Application Security
  - Build and drive a coherent, scalable application security and SecDevOps program across the division, ensuring alignment with the corporate security strategy, capabilities, and policies.
  - Champion the adoption of security practices within the DevOps cycle to proactively address risks and enhance the security posture of development projects.
  - Design and promote secure coding practices, training and assets for application development teams.
  - Manage and report on application security performance, metrics, and KPIs.
- Product engagement
  - Engage closely with business units to understand their security requirements and align security capabilities accordingly.
  - Identify, prioritize, and drive remediation of security vulnerabilities and issues.
  - Document and/or review security standards, architectures and blueprints for adoption by product teams to improve protection, visibility and transparency.
- Education and enablement
  - Facilitate educational opportunities within the division to increase security awareness, secure coding practices and secure architecture and design.
  - Provide technical guidance and support to the security and product teams in incident response, control adoption, and threat mitigation.
  - Train and mentor staff on application security awareness, skills, and tools.
Compensation/Benefits Information: (This section is only applicable to US candidates)
S&P Global states that the anticipated base salary range for this position is $107,433 to $237,100. Final base salary for this role will be based on the individual’s geographic location, as well as experience level, skill set, training, licenses and certifications.
In addition to base compensation, this role is eligible for an annual incentive plan. This role is not eligible for additional compensation such as an annual incentive bonus or sales commission plan.
This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, please click here.
What We’re Looking For:
Basic Required Qualifications:
- 5-8 years of experience in security engineering, application security, software engineering, or related roles.
- Understanding of DevSecOps and hands-on experience …
Job Profile:
Limited to persons with indefinite right to work; Limited to persons with indefinite right to work in the United States; Not eligible for additional compensation; Right to work in the United States
Benefits/Perks: Additional S&P Global benefits; Annual Incentive Bonus; Annual incentive plan; Sales commission plan
Tasks:
- Provide technical guidance
Analysis, Application Security, AWS, Azure, CI/CD, CI/CD Pipeline, Cloud Security, Communication, Compliance, Continuous delivery, Continuous Integration, DevOps, DevSecOps, GCP, Incident Response, Information security, Interpersonal, ISO 27001, Monitoring, Network security, NIST Cybersecurity Framework, OWASP Top 10, Penetration Testing, Secure coding, Security Engineering, Security frameworks, Software Engineering, Training, Vulnerability assessment, Vulnerability assessments
Experience: 5-8 years
Education: Business, Engineering, Information Systems, Technology
Certifications:
Timezones: America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9