Director of Information Security Risk Management

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • S&P Global
  • 18 Jul 2018

Job Description:
We are looking for a proactive and forward-thinking Director of Information Security Risk Management who is well versed in information security management principles, comes from a technical, hands-on background and can manage multiple parallel projects. This is a leadership position within the S&P Global Platts business unit focusing on establishing best practices and driving security practices within the business unit. The Director will work across the Platts technology business unit and become intimately familiar with access controls, certificate management, infrastructure hardening, SDLC, security monitoring and all security practices. This position will also interface with S&P Global's corporate information security group.

The Director will help to formulate, define, and implement security procedures that are necessary to ensure the safety of information system assets, protecting them from intentional or inadvertent access or destruction. Will interface with peers in the Information Technology Department and business unit managers to understand their privacy and security needs and will implement procedures and solutions to accommodate those requirements consistent with industry standards, statutory guidelines and regulations. Performs any functions, within scope of authority and expertise, to provide the highest level of service and responsiveness to customers and co-workers.

Responsibilities:
• Develop and implement global security policies, standards and procedures with an emphasis on SDLC, application security and network/server risk management
• Own all security risk items and remediation
• Conduct periodic security audits to monitor compliance with objectives
• Recommend security improvements by assessing current needs, evaluating trends and anticipating future requirements
• Investigate security breaches and ensure compliance with applicable reporting directives. Provide ongoing communication with senior management during the investigation
• Coordinate information security training for employees and other third parties as required
• Develop and conduct security awareness programs for all users
• Coordinate information technology risk assessments and issue report of findings including recommendations for corrective actions
• Coordinate with third party security vendors the design and execution of vulnerability assessments, penetration tests and security audits
• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks or threats

Qualifications:
• Experience with security management, access controls, auditing and monitoring, network security, cloud security, application security, PKI and cryptography, security models, BCP, DR and incident management
• CISSP is a MUST, no exception (non-expired)
• Prior experience as a software engineer or systems/network engineer
• Prior experience working for a software company
• Prior experience with PII
• Bachelor's degree, preferably in Computer Sciences or Technology
• Preferably at least 8+ years of security experience