Assistant Director Cyber Risk and Compliance

Department overview

The Cyber Risk and Compliance office partners closely with the Market Intelligence technology and business teams to facilitate interactions with, and deliverables to, corporate departments. This group enables our technology teams and product business areas by providing oversight to various assessment and risk areas. The team combines strong technical skills with advanced compliance capabilities.

Market Intelligence is the largest division within S&P Global. The Division creates, markets, sells, delivers, and supports financial and risk related products.

Position Summary

This position within the Cyber Risk and Compliance team designed to provide support to the Market Intelligence division with internal and external security audits and assessments. The candidates time will be divided between working directly with a several stakeholder groups to collect, analyse and present evidence. This position will allow candidate to utilize their security knowledge to help strengthen the security posture of individual product teams and Market Intelligence as a whole.

• Form partnerships and work closely with customer and divisional product groups.
• Become familiar with Market Intelligence processes and overall company and divisional cyber security policies, standards, processes, and controls.
• Work with individual product teams to gain understanding of products, supporting technologies and existing compliance approach and documentation.
• Manage the collection of evidence from security groups and individual product teams.
• Assist with production and review of required control evidence as appropriate to meet compliance requirements.
• Present and explain evidence as required to internal and external stakeholders.
• Make recommendations and provide guidance to business and technical teams through the performance of internal assessments and audit processes. Drive best outcome for Market Intelligence division.
• Track assessment and audit outcomes.
• Respond to emerging requests and compliance requirements as they arise.
• Identify and drive opportunities to highlight Markit Intelligences compliance position and activities.
• Perform additional tasks and take additional responsibility as directed by team manager.

Education and Experience

• Minimum 10+ years experience in IT/Information Security roles involving execution or oversight of controls, program management or other compliance activities.
• Significant experience in cloud technology (AWS preferred).
• Demonstrate progressively more responsible roles with several years of considerable experience conducting or responding to technical audits. Experience in a major financial institution or in the financial products industry preferred.
• A strong comprehension of Information/Cyber Security and the curiosity to maintain knowledge as the industry advances. Understanding of industry-specific regulations, standards and frameworks (e.g., DORA, GDPR, SOX, SOC, ISO 27001, ISO and how these apply to an enterprise context will be beneficial.
• Proven record of successful relationship building leading to successful outcomes.
• Ability to collaborate effectively with a global team across multiple time zones.

Personal Competencies

• Excellent communication and people skills with the ability to engage and influence stakeholders both internal and external. Ability to remain flexible and negotiate appropriate outcomes. Cultivate strong working relationships with internal colleagues.
• Capable of managing multiple concurrent projects efficiently while maintaining flexibility as priorities shift. Demonstrates persistence in arriving at solutions.
• Strong analytical and critical thinking skills with the ability to assess complex information and develop creative solutions.
• Ability to work in a geographically dispersed team and independently with minimum supervision.