S&P Global Director, Information Security Architecture in Beijing, China
Provide end to end Security Architecture reviews as part of the IT lifecycle.
Interpret and apply understanding of policy, process, and business architecture, legal and political implications in order to assist the development of technical solutions or controls.
Maintains a deep understanding and application of security concepts at a technical level.
Able to effectively translate and communicate security and risk implications to technical and non-technical stakeholders.
Work with risk owners to advise, give feedback on level of risk and recommend mitigating controls
Understand the impact of vulnerabilities on existing/future designs and current live systems and articulate appropriate risk-based responses
Drive security through globally standardized automation with CI/CD processes.
Partner with key IT service providers to ensure industry standard platform, network and endpoint security posture.
Ensure industry standard framework implementation
Influence security policy, standards and guidelines.
Participates in internal, external and regulatory audits and requests for information.
Must be a subject matter expert for the company's security processes across multiple domains and disciplines: on-premise and cloud/SaaS-based applications, data, infrastructure and mobile solutions.
An absolute passion for information security and knowledge of the latest threats, trends and concerns at a global level.
5 years' experience in some combination of the following disciplines with an emphasis on information security:
network architecture, IT perimeter design, threat modelling, security architecture, application architecture and design, authentication platforms, industry standard frameworks (NIST, ISO), physical security, DNS, VPN, URL Filtering, SIEM design, Email security, Cryptography concepts.
Must be highly collaborative, able to effectively interact with peers, management and leadership teams, excel at cross-team initiatives and act with a sense of urgency when security issues or requirements arise.
Demonstrable deep technical knowledge on all facets of Information Technology and Information Security.
Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs).
Intimate knowledge of the Cyber Kill Chain and other relevant network defence and intelligence frameworks.
Knowledge and experience of Cloud deployment models and architectures
Experience of Agile methodologies TDD, Scrum, Kanban
A minimum of a Bachelor's Degree in Information Systems, Computer Science, Engineering, or equivalent experience
CISSP and/or SANS certification preferred
Networking certification (CCIE) a plus