Lead DevSecOps

Grade - 12, for internal purposes only

Location - NYC, NY or London, UK

Department overview:

Commodity Insights is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics, and workflow solutions in the global capital, commodity, and automotive markets. With every one of our offerings, we help many of the world's leading organizations navigate the economic landscape so they can plan for tomorrow, today.

Environmental Solutions group is a dynamic team developing solutions for carbon trading infrastructure. The products in this group include Environmental Registry, Auctions Platform and other applications providing functionalities in the commodity logistics and sustainability space.

Summary:

This position provides technical capabilities to Environmental Solutions projects, regarding best practices in cyber security.

The successful candidate will have a knowledge of automation tools and deep understanding of cyber security of distributed systems. Knowledge of cloud based systems and their architecture is also going to play a key role in the day to day activities.

The position will provide support to the program as the program develops. The successful candidate will work closely between the engineering group and other groups involved in the program through all stages as the program continues to grow and develop (anticipated to be multi-year) to ensure appropriate security controls are designed and implemented.

In addition, the candidate will function as an integral member of the Environmental Solutions team and may assist with other department security risk and compliance activities. The candidate may provide guidance to team members to enhance their growth, suggest and implement process improvements, contribute to risk and compliance management activities, and other responsibilities as assigned by management.

General Job Duties:

• Implement and document security/technology control requirements for the products in Environmental Solutions, using current control environment to the extent possible.
• Develop methods to meet new and developing cyber security and compliance needs and requirements as needed.
• Drive/contribute to the development and implementation of short term and long term plans to continue the maturation of a compliant environment.
• Implement and monitor security controls setup for the division
• Implement automation tools for testing implementation of security controls
• Function as a strong contributor to the Environmental Solutions team, participating in special projects and task forces as required. Support, communicate, reinforce and defend the mission, values, philosophy and culture of the organization.
• Possess technical knowledge of modern, cloud based application architecture (AWS, Google Cloud, MS Azure)
• Perform other duties as required.

Specific Job Duties:

• Participate in compliance and audit activities with other groups within Environmental Solutions and centralized services.
• Develop and provide knowledge, knowledge resources, and guidance to Environmental Solutions staff regarding control activities.
• Automate implementation of regular security control verification process
• Integrate the applications with company’s internal security monitoring tools
• Establish relationships and interact with all levels within multiple groups to ensure compliance activities are understood and completed appropriately.
• Assist in maintaining compliance documentation including policies, standards, and procedures, reports, etc.
• Undertake additional work as directed.

Required Experience/Education:

• Minimum 4+ years’ experience in IT/Information Security roles involving implementation and automation of security controls.
• Significant experience in cloud technology
• Strong knowledge of application development, infrastructure, and cyber security.
• Knowledge of technology/security related regulations and standards like ISO 27001 and 27002SOX, and SOC II Type 2 reports
• Bachelor’s degree, or equivalent prior work experience

Required Soft Skills:

• Good interpersonal skills – must be able to work effectively as part of or leading a project/program team and foster team cooperation.
• Desire to learn about and stay current with a complex and rapidly changing environment.
• Problem-solving skills, creative and collaborative in finding solutions related to complex and multilayered problems.
• Critical thinking with the ability to use logic and reasoning to identify strengths and weaknesses of alternative solutions, conclusion or approaches.
• Ability to work in a geographically dispersed team and independently with minimum supervision.
• Ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems while remaining well organized.
• Sound business judgment and ability to make independent decisions

• Attention to detail

Travel:

Less than 10% travel may be required.

Organizational Relationships:

This position reports to (title only): Executive Director

Compensation/Benefits Information:

S&P Global states that the anticipated base salary range for this position is $100,200 - $185,000. Base salary ranges may vary by geographic location.

This role is eligible to receive S&P Global benefits.

For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires .

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)