S&P Global Director, InfoSec Ops in Glen Allen, Virginia
The Director of Infosec Ops will be accountable for building, enforcing and reporting on the information security maturity across all S&P Global MI and DTI products by adopting Corporate standards and tools. This is a unique management opportunity to drive a SecOps team with a primary focus on our product offerings including both DevOps and AWS-based cloud infrastructures. This role will be a critical influencer to help drive the overall enterprise information assurance strategy with visibility and direct exposure to executive management.
You have led a security operations team and have also been a seasoned and senior individual contributor in the past. You are focused on demonstrating leadership skills and driving security practices through automated CI/CD pipelines, working with service providers like Wipro and translating Corporate standards into actionable projects. You know how to prioritize solutions and work with the application owners to plan and implement those solutions. You are willing to roll up your sleeves and lead by example. You have strong troubleshooting and problem resolution skills. You have strong written and verbal communication skills to effectively manage contending priorities in a fast-moving environment. You are self-motivated, with drive and passion for getting things done, and have the ability to translate ambiguity into meaningful actions. You pride yourself on being an energetic self-starter who shows personal initiative to lead a team and show them the way to success.
An applicant should have
A bachelor's degree in computer science (or equivalent) with 10 years of documented information security work experience.
Prior demonstrated senior leadership and management in an enterprise security role with 5 years minimum of management experience. (Certifications such as CISSP, ISSAP, CRISC, and SANS preferred.)
Strong knowledge of NIST standards and the NIST Cybersecurity Framework.
Strong sense of project management, prioritization and ability to resolve or mitigate blockers.
A strong level of technical depth in the information security domain and a focus on driving metrics-driven results.
Experience with complex SaaS and Corporate IT services environments
Expertise with administering security technology controls (firewalls, orchestration platforms, anti-malware, forensics, IAM, IDS, DLP, open-source, etc.)
Consistent track record of developing and implementing security automation and technology and process integrations with CI/CD pipelines.
Experience managing security in DevOps and SaaS environments.
Experience with AWS and best practices for monitoring an IaaS environment
Experience working with a Corporate Cyber Security Team that declares the standards; your job is to implement and enforce them while also working in partnership to help improve the Corporate standards.
Familiarity with operating enterprise security technologies and establishing enterprise security processes.
Familiarity and experience with standards and compliance frameworks ISO, SANS, OWASP, NIST, SSAE SOC, ITIL, etc.
Development of detailed SecOps metrics and reporting for executive management.
Excellent written, visualization, and verbal communication skills.
About the Role
Provide regular executive level visibility into the health and maturity of our Infosec Operations.
Responsible for the successful operations of all security tools and technologies and participates in or drives security reviews for new products and services.
Partners closely with the scrum teams, DevOps leads, Product Development managers, and Product Managers to improve the operating risk posture, improve security maturity, and mitigate risks.
Aggressively but realistically eliminate technical debt that leads to security vulnerabilities.
Lead risk assessments and remediation plans for identified risks.
Documents wikis and run books, and trains others to help operationalize and automate DevSecOps.
Works across engineering teams to prioritize flaws and with external entities to respond to security issues and concerns.
Continuously identifies areas needing improvement, creates action plans, and executes to implement changes in a timely manner.
To all recruitment agencies:
S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.