Application Security Lead

Recruiter: S&P Global
Location: London, United Kingdom
Salary: Competitive
Posted: 13 May 2022
Closes: 12 Jun 2022
Ref: 14880377
Job Function: Other
Industry Sector: Finance - General
Employment Type: Full Time
Education: Bachelors
Segment: S&P Global Sustainable1
The Role: Lead, Application Security

The Team: Part of the Sustainable1 Technology group, reporting to the Head of DevOps and SRE, who is also responsible for driving security strategy across Sustainable1. This team would instill values of enablement, accountability, and shared responsibility throughout the division. The group would be global, with members in the USA, EMEA, and Asia.

The Impact: The Lead, Application Security will be a lead resource building and expanding our security champions program across Sustainable1 Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with security champions leaders in other divisions and the corporate Information Security team to build a community of champions that share information and work collaboratively on common application security challenges.

What's in it for you:
  • The role engages with a broad range of technologists and business professionals, allowing you to develop experience with emerging cloud-native technology and the Sustainable technology roadmap.
  • As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm.
  • This role will provide the ability to demonstrate leadership in both the security and developer communities as you'll be helping shape the security champions program from the ground up.
Responsibilities:
  • Work closely with the Technology Leadership to help deliver the technology vision and technology strategy. The position will be responsible for developing, implementing, and expanding a security champions program that embeds security-minded engineers within the software development, architecture, and operational teams.
  • Build an Application Security champions program by working with the scrum teams to define an effective strategy for engaging software developers interested in serving as Application security subject matter experts
  • Share expertise of tools and best practices that empower Developers to seamlessly meet requirements for security across all phases of the DevSecOps cycle
  • Drive behavioural change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams
  • Identify and collaborate with security champions to broaden the security reach within the scrum teams.
  • Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to reach a diverse audience of resources
  • Assist the Head of DevOps and SRE with continuous refinement and implementation of the division's cyber security strategy by providing feedback gathered from the engineering teams via the security champions
  • Produce periodic, high-quality reports illustrating program status, areas for improvement, and success attributes aligning to the business
  • Remain current with new security threats and DevSecOps best practices
  • Demonstrate security expertise both within the firm and in the industry at large
  • Perform other duties as assigned
What We're Looking For:
Skills and Experience
  • Demonstrated skill in application security and/or software development with a focus on secure design and coding practices
  • Exhibit detailed understanding of security threats especially within a cloud-native environment
  • Proven capability to advocate for security best practices in terms of business value and enablement
  • Established experience successfully leading large-scale projects across global functions
  • Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure
  • Strong project management and personal organizational skills
  • Ability to work in a constantly changing environment under tight deadlines
  • Ability to work independently
  • Excellent interpersonal skills
Basic Qualifications:
  • Bachelor's degree from an accredited university or college
  • 3-5 years' experience in application security and/or software development roles
  • 1-3 years in a leadership position (team lead, manager, etc.)
  • Experience with any one cloud provider: AWS, Azure, or GCP
  • Experience conducting application security assessments, threat modeling, or secure code reviews
  • Working knowledge of OWASP Top 10, OWASP SAMM, or BSIMM
  • Working knowledge of Windows, Linux, and Unix
  • Strong communication skills
Preferred Qualifications:
  • Working knowledge of CI/CD tools and cloud-native development practices
  • Highly trustworthy; leads by example
  • CISM, CSSLP, Security+ or other industry certification a plus
About Company Statement:
S&P Global Market Intelligence

At S&P Global Market Intelligence, we know that not all information is important-some of it is vital. Accurate, deep and insightful. We integrate financial and industry data, research and news into tools that help track performance, generate alpha, identify investment ideas, understand competitive and industry dynamics, perform valuation and assess credit risk. Investment professionals, government agencies, corporations and universities globally can gain the intelligence essential to making business and financial decisions with conviction.

S&P Global Market Intelligence is a division of S&P Global (NYSE: SPGI), which provides essential intelligence for individuals, companies and governments to make decisions with confidence. For more information, visit www.spglobal.com/marketintelligence.

S&P Global has a Securities Disclosure and Trading Policy ("the Policy") that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy.

Equal Opportunity Employer:

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

-----------------------------------------------------------

US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.

-----------------------------------------------------------

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)

Job ID: 268538
Posted On: 2022-05-11
Location: Virtual, United Kingdom
