Business Information Security Officer - Enterprise Data Organization
  • England, London, City of London
  • full-time
  • Competitive salary
Job Description:
About the Role:

Grade Level (for internal use):
14
We are looking for a proactive and forward-thinking Business Information Security Officer who is well versed in information security management principles, comes from a technical, hands-on background, and can manage multiple parallel projects. This is a leadership position within the S&P Enterprise Data Organization (EDO), focused on establishing best practices and driving security practices within the business unit.

As the Business Information Security Officer, you will be the Cyber Security & Assurance primary point of contact for the division, responsible for the development, communication, compliance and governance of the divisional security strategy, roadmap and policies that are in alignment with the organization’s overall security objectives.

Responsibilities:
* Design, implement, and maintain global security policies, standards, and procedures focused on protecting data across all environments, ensuring alignment with business and IT priorities.
* Ensure the divisional security strategy aligns with broader organizational goals, particularly data privacy and protection regulations (e.g., GDPR, CCPA).
* Own and manage all data-related security risks, performing risk assessments specific to data storage, processing, and transfer.
* Identify, assess, and prioritize data security vulnerabilities, ensuring effective remediation plans are in place and executed.
* Conduct periodic audits of data security controls to ensure compliance with internal policies and external regulations.
* Ensure adherence to data protection laws and implement robust measures for data privacy, security, and retention.
* Work closely with software development teams to ensure secure data handling throughout the software development lifecycle (SDLC), embedding security in data processing systems and applications.
* Ensure that data security requirements are incorporated into all phases of technology systems, from design through deployment.
* Lead investigations into data security breaches, ensuring proper reporting and communication with senior management during incidents.
* Work with the Cyber Incident Response Team (CIRT) to address and mitigate cybersecurity incidents, ensuring appropriate remediation of data breaches.
* Develop and deliver targeted security training programs for employees, contractors, and third parties on best practices for data protection.
* Implement ongoing data security awareness initiatives, ensuring all stakeholders understand the importance of safeguarding organizational data.
* Coordinate with third-party security vendors to conduct vulnerability assessments, penetration tests, and security audits focused on data protection.
* Stay current on emerging data security trends, threats, and technologies, recommending updates to security measures as needed.
* Establish and maintain a strong data security posture, continuously monitoring the effectiveness of controls and processes.
* Represent EDO security to external stakeholders.
* Regularly evaluate the organization’s data security safeguards, ensuring they provide robust protection against evolving threats and data-related risks.
Qualifications & Experience:
* Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field (master’s preferred).
* CISSP (Certified Information Systems Security Professional) is a MUST (non-expired).
* OWASP Membership and CRISC (Certified in Risk and Information Systems Control) preferred.
* 8-10+ years of experience in security-focused roles, particularly in technology-heavy industries (e.g., Software, Financial Services).
* Prior experience as a software engineer or systems/network engineer.
* Proven track record of securing cloud-based services, ensuring scalability, performance, and reliability.
* Experience with PII (Personally Identifiable Information) and security compliance regulations.
* Expertise in a wide range of security domains: access controls, network security, cloud security, PKI and cryptography, application security, security models, and incident management.
* Experience in cloud computing architectures, common open-source technologies (e.g., Kafka, Spark, Hadoop), and web application development (e.g., Java, PHP, Python).
* Strong understanding of NIST security controls frameworks, risk assessment, and risk management.
* Experience in secure software design, security testing, and vulnerability remediation.
* Familiarity with service control frameworks such as SOC 1 and 2.
* Knowledge of threat modeling and risk management practices.
* Solid experience in security engineering, system and network security, authentication, cryptographic protocols, and application security.
* Strong ability to design secure architectures and review security in development processes.
* Familiarity with common security testing tools, vulnerability scanners, and security code reviews.
* Strong project management skills with experience leading cross-functional teams in large, complex security projects.
* Demonstrated ability to mentor and lead security engineers and managers, fostering a culture of high morale and agility.
* Experience with the use of AI in the enterprise, and the risk around it, is a definite bonus.
Compensation/Benefits Information: (This section is only applicable to US candidates)

S&P Global states that the anticipated base salary range for this position is $152,600 to $285,000. Final base salary for this role will be based on the individual’s geographic location, as well as experience level, skill set, training, licenses and certifications. In addition to base compensation, this role is eligible for an annual incentive plan. This role is eligible to receive additional S&P Global benefits.

What’s In It For You?

Our Purpose:

Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology - the right combination can unlock possibility and change the world.

Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.

Our People:

We’re more than 35,000 strong worldwide - so we’re able to unde
Job number 1824737
Company Details:
eFinancial Careers