Associate Director, Information Security

US - TX - VIRTUAL

About the Role:

Grade Level (for internal use):

12

The Team: 

The SPGI Market Intelligence InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is well protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle. 

 
Responsibilities and Impact: 

  • Application Security 

  • Build and drive a coherent, scalable application security and SecDevOps program across the division, ensuring alignment with the corporate security strategy, capabilities, and policies. 

  • Champion the adoption of security practices within the DevOps cycle to proactively address risks and enhance the security posture of development projects. 

  • Design and promote secure coding practices, training and assets for application development teams. 

  • Implement threat modeling practices to identify and assess potential security threats early in the development lifecycle. This proactive approach will facilitate the design of robust security controls, ensuring that applications are resilient against emerging threats. 

  • Manage and report on application security performance, metrics, and KPIs. 

 

Required Qualifications: 

   Hands-on experience and ability to run: 

  • Dynamic vulnerability assessments (DAST) 

  • Static vulnerability assessments (SAST) – Code reviews 

  • Software composition analysis (SCA) 

  • Mobile vulnerability assessments (MVA) – iOS & Android 

  • Penetration Testing 

 

 

  • Product engagement 

  • Engage closely with business units to understand their security requirements and align security capabilities accordingly. 

  • Identify, prioritize, and drive remediation of security vulnerabilities and issues. 

  • Document and/or review security standards, architectures and blueprints for adoption by product teams to improve protection, visibility and transparency. 

  • Education and enablement 

  • Facilitate educational opportunities within the division to increase security awareness, secure coding practices and secure architecture and design. 

  • Provide technical guidance and support to the security and product teams in incident response, control adoption, and threat mitigation. 

  • Train and mentor staff on application security awareness, skills, and tools. 

 

Compensation/Benefits Information: (This section is only applicable to US candidates) 

S&P Global states that the anticipated base salary range for this position is $107,433 to $237,100. Final base salary for this role will be based on the individual’s geographic location, as well as experience level, skill set, training, licenses and certifications. 

In addition to base compensation, this role is eligible for …
