S&P Global Director, Security Architecture in Charlottesville, Virginia


Director, Security Architecture


Denver, CO, Charlottesville, VA, or virtual

The Team:

As the global Cyber Security team, we value the integrity of protecting SPGI's Digital Infrastructure and Web applications. We work collaboratively and proactively with our business segments to create secure architectures to mitigate risks and cyber-attacks.

The Impact:

By being in the role, you will help in protecting our computing systems, securing sensitive data, solving business risk problems, implementing security technologies that will benefit the organization, and mitigate the risk of threats.

What s in it for you?

  • You will have direct impact and oversight in implementing the appropriate security controls needed to protect the confidentiality, integrity and availability of SPGI's Digital Infrastructure.


  • Perform security architecture reviews, implement and track the effectiveness of security measures deployed for the protection of computer systems, networks and information services.

  • Review proposed application and infrastructure security architectures to identify security gaps and define the desired system security requirements that align with company policies and industry regulatory requirements.

  • Collaborate with business and technology managers to assess needs, identify security risks and promote adoption of solutions through sponsorships in pilot and prototyping activities.

  • Provide sound security guidance on all aspects of the OSI 7 layer stack (Physical to Application Layer)

  • Define and document computer security architecture for newly acquired technology tools; design security architecture elements to mitigate threats as they emerge.

  • Build effective solutions that balance business requirements with information and cybersecurity requirements.

  • Identify and document security design gaps in existing architectures, data security encryption measures, mobile platform security, cloud computing security architectures and recommend any changes or improvements.

  • Develop technical solutions and implement new security tools to help mitigate security vulnerabilities and reduce overall enterprise risk.

  • Write comprehensive reports to include including security review based findings, outcomes and propose further platform security measures and enhancements.

  • Keep abreast of information security controls, practices, and capabilities in the industry.

WhatWe reLookingFor:


  • Bachelor s degree in Engineering, Computer Science, related discipline, or equivalent.

  • You have at least 7 years of experience in IT information security, with at least a minimum of 5 years in security architecture and application, infrastructure security.

    • Hands on experience in deploying security technologies such as Firewalls, Intrusion prevention, DDoS mitigation technologies, Anti-malware, Anti-virus, endpoint security technologies, SIEM, authentication systems, log collection - management, content filtering, Wireless Access controls, Network Access Control, identity management technologies, cloud security technologies, data encryption technologies, virtualization security, mobile application security
  • Analytical skills, problem solving skills, ability to work under stress and multi-task.

  • Your ability to carry high-level conversations; have the gravitas to present to senior leadership; have good verbal, written, and interpersonal skills.

  • Experience and in depth understanding of the latest security principles, application security architecture, security technologies, techniques, standards and protocols.

  • Deep understanding of Web related technologies deployment (web application security design, mobile application security, service oriented architecture, SAML, identity federation, cloud (public, private).

    • Scripting skills (i.e.:*

    Ruby, Python, Perl, shell scripts).

    • Maintained information security - cybersecurity certifications (e.g. CEH, CISSP, CISM).
  • Experience with financial regulatory bodies (i.e., SEC) a plus.

  • Experience with cloud IaaS security operations, a plus

At S&P Global, we don t give you intelligencewe give you essential intelligence. The essential intelligence you need to make decisions with conviction. We re the world s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com

To all recruitment agencies:

S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race - ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to:

EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

The EEO is the Law

Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.