Senior Director, Business Information Security Officer
Location: New York, New York
Internal Number: 263866
Grade ( relevant for internal applicants only ): 14
S&P Global Platts is currently seeking a Business Information Security Officer (BISO) to join our Technology Leadership Team. This is a senior engineering leadership role who ensures security best practices are part of everything we do within the Platts Technology organization. The BISO will work with the corporate InfoSec team to bake security into S&P Global Platts strategic plans and operations. The BISO will provide input into the corporate CISO strategy and guide, consult and partner with Platts Technology leadership to ensure the CISO strategy is seamlessly integrated into the Platts Technology strategy. This person will be the primary contact for security related concerns with internal stakeholders and external regulators.
Their day-to-day responsibilities include partnering with the technology teams to ensure that security engineering and operations are prioritized, and security best practices are part of the technology life cycle from beginning to end. This includes planning roadmaps to rollout security standards, advising on engineering efforts, creating communities of practice that build and deploy engineering solutions, and working with all engineering teams to address security gaps and notify them when vulnerabilities or security defects are discovered. Regular collaboration with the CISO's organization is required to make sure priorities are clearly understood. Working with internal audit, compliance and related regulatory groups within S&P Global Platts is critical to ensuring we are not only adhering to best practices, but able to evidence that externally to regulatory and audit stakeholders.
This person must be technical with a focus in security. He or she must have good communication and priority managements skills and be comfortable reporting out to and working with senior executives on key strategic initiatives. He or she needs to be able to clearly state the security posture of the firm and how that impacts S&P Global Platts. This person must also feel comfortable being an evangelist for security and enjoy working with other technologists in making security something that is not only necessary, but an exciting aspect of everyone's personal career story.
What We're Looking For * Ability to clearly articulate and build support for a strategic security vision, as passionate about the 'why' as the 'how' * Be relentlessly curious, take ownership and challenge the status quo * Have in-depth knowledge of the security landscape as well as deep understanding of how to implement solutions in a regulated setting * Operates globally and is able to define where strategies and tactics need to be applied globally and where locally, and to communicate that clearly and simply * In-depth knowledge of cloud providers, cloud operating models and cloud security controls and best practices * Looks at external companies, products and capabilities and how they may accelerate Platts Technology security initiatives * Shapes and leverages advanced conceptual thinking to solve complex and/or completely new or novel security situations that have never been dealt with before. * Actively pursues innovative solutions that align with the company's tolerance for risk (business and reputational).
Required Skills * 10+ years of experience in technology and 5+ years in information security * 5+ years of experience in application development or application security * 5+ years of experience in risk management with direct participation in risk management processes, including application risk classification and control assessments * Must display subject matter expertise in application security, vulnerability remediation, secure system operations, and be grounded in software development lifecycle management * Strong experience working with lines of business and gaining consensus on security rationale, implementation, deployment and maintenance * Strong experience of public cloud operators, ideally AWS but Google Cloud or Azure is acceptable * Experience giving presentations and comfortable communicating in a senior executive setting
S&P Global states that the anticipated base salary range for this position is $148,200 to $338,600. Base salary ranges may vary by geographic location.
In addition to base compensation, this role is eligible for an annual incentive plan.
At S&P Global Platts, we provide the insights; you make better informed trading and business decisions with confidence. We're the leading independent provider of information and benchmark prices for the commodities and energy markets. Customers in over 150 countries look to our expertise in news, pricing and analytics to deliver greater transparency and efficiency to markets. S&P Global Platts coverage includes oil and gas, power, petrochemicals, metals, agriculture and shipping.
S&P Global Platts is a division of S&P Global (NYSE: SPGI), which provides essential intelligence for individuals, companies and governments to make decisions with confidence. For more information, visit www.platts.com .
S&P Global has a Securities Disclosure and Trading Policy ("the Policy") that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy.
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.