Application Security Lead Full Time

About the job
Segment: S&P Global Sustainable1

The Role: Lead, Application Security

The Team: Part of the Sustainable1 Technology group and reporting to the Head of DevOps and SRE who is also responsible for driving security strategy across Sustainable1. This team would instill values of enablement, accountability, and shared responsibility throughout the division. The group would be global, with members in the USA, EMEA, and Asia.

The Impact: The Lead, Application Security will be a lead resource building and expanding our security champions program across Sustainable1 Technology group. This individual will work with the software development, cloud architecture, and operations teams to build a security-first culture. Additionally, this role will coordinate with security champions leaders in other divisions and the corporate Information Security team to build a community of champions that share information and work collaboratively on common application security challenges.

What’s In It For You
The role engages with a broad range of technologists and business professionals allowing you to develop an experience with emerging cloud-native technology and Sustainable technology roadmap
As your technology and organizational experience grows, there is an opportunity to grow your role by working broadly in collaboration with other divisional teams to help increase the overall security maturity of the firm.
This role will provide the ability to demonstrate leadership in both the security and developer communities as you’ll be helping shape the security champions program from the ground up.
Responsibilities
Work closely with the Technology Leadership to help deliver the technology vision and technology strategy. The position will be responsible for developing, implementing, and expanding a security champions program that embeds security-minded engineers within the software development, architecture, and operational teams.
Build an Application Security champions program by working with the scrum teams to define an effective strategy for engaging software developers interested in serving as Application security subject matter experts
Share expertise of tools and best practices that empower Developers to seamlessly meet requirements for security across all phases of the DevSecOps cycle
Drive behavioural change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams
Identify and collaborate with security champions to broaden the security reach within the scrum teams.
Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computer-based training) to reach a diverse audience of resources
Assist the Head of DevOps and SRE with continuous refinement and implementation of the division’s cyber security strategy by providing feedback gathered from the engineering teams via the security champions
Produce periodic, high-quality reports illustrating program status, areas for improvement, and success attributes aligning to the business
Remain current with new security threats and DevSecOps best practices
Demonstrate security expertise both within the firm and in the industry at large
Perform other duties as assigned
Skills And Experience

What We’re Looking For:
Demonstrated skill in application security and/or software development with a focus on secure design and coding practices
Exhibit detailed understanding of security threats especially within a cloud-native environment
Proven capability to advocate for security best practices in terms of business value and enablement
Established experience successfully leading large-scale projects across global functions
Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure
Strong project management and personal organizational skills
Ability to work in a constantly changing environment under tight deadlines
Ability to work independently
Excellent interpersonal skill
Basic Qualifications
Bachelor’s degree from an accredited university or college
7-9 years’ experience in application security and/or software development roles
3-5 years in a leadership position (team lead, manager, etc.)
Experience with any one cloud provider AWS, Azure, or GCP.
Experience conducting application security assessments, threat modeling, or secure code reviews
Working knowledge of OWASP Top 10, OWASP SAMM, or BSIMM
Working knowledge of Windows, Linux, and Unix
Strong Communication skills
Preferred Qualifications
Working knowledge of CI/CD tools and cloud-native development practices
Highly trustworthy; leads by example
CISM, CSSLP, Security+ or other industry certification a plus
About Company Statement

S&P Global delivers essential intelligence that powers decision making. We provide the world’s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you’ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to:?EEO.Compliance@spglobal.com?and your request will be forwarded to the appropriate person.?

US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf?describes discrimination protections under federal law.

20 – Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 – Middle Professional Tier II (EEO Job Group)

Job ID: 279307

Posted On: 2022-12-08

Location: Hyderabad, Telangana, India