Lead Information Security Engineer at S&P Global

Gurugram, Haryana, India

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Financial Services, TechnologyIndustries

Requirements

Experience in IT security engineering, particularly in AI, cloud, application, and development security
Ability to act as a liaison between centralized security operations and product engineering teams
Knowledge of security standards, patterns, and best practices, including secure AI development guidelines
Expertise in secure architecture, identity and access management, AI model/data protections, and cloud configurations
Proficiency in defining and enforcing security policies, standards, and procedures
Skills in conducting risk assessments, threat modeling, and security posture evaluations
Ability to communicate security requirements and risks to technical and non-technical stakeholders
Familiarity with security frameworks (NIST CSF, ISO 27001, CIS Controls, COBIT)
Knowledge of compliance regulations (GDPR, HIPAA, SOC 2, PCI DSS, SOX)
Experience with SOC and SIEM tools (e.g., Splunk, Sentinel) for threat monitoring, detection, and response
Expertise in incident response lifecycle, vulnerability scanning, penetration testing, and red/blue team exercises
Proficiency in AI-driven threat intelligence, anomaly detection, and exploit likelihood scoring (e.g., EPSS)
Skills in securing networks, endpoints, databases, and cloud-native workloads
Knowledge of encryption, data loss prevention (DLP), and secure coding standards
Experience with DevSecOps pipelines, automated scanning, IaC security, and container/Kubernetes hardening
Ability to oversee patch management and configuration compliance
Capability to educate teams on threats, run phishing simulations, workshops, and training
Skills in tracking and summarizing security posture metrics and KPIs for senior leadership

Responsibilities

Act as a liaison between centralized security function and product development/infrastructure teams
Contribute to defining and maintaining security standards, patterns, and best practices, including secure AI guidelines
Review and advise on secure architecture, identity/access management, AI protections, and cloud configurations
Define and enforce security policies, standards, and procedures
Conduct risk assessments, threat modeling, and security posture evaluations
Communicate security requirements and risks to stakeholders
Support security assessments and provide risk mitigation recommendations for cloud, application, and AI workloads
Align security practices with frameworks (NIST CSF, ISO 27001, CIS Controls, COBIT)
Ensure compliance with regulations (GDPR, HIPAA, SOC 2, PCI DSS, SOX)
Monitor, detect, and respond to threats using SOC and SIEM tools (e.g., Splunk, Sentinel)
Manage incident response lifecycle: detection, containment, eradication, recovery, lessons learned
Perform vulnerability scanning, penetration testing, and red/blue team exercises
Integrate AI-driven threat intelligence, anomaly detection, and exploit scoring (e.g., EPSS)
Partner with engineering teams to design and implement security remediation activities
Secure networks, endpoints, databases, and cloud-native workloads
Apply encryption, DLP, and secure coding standards
Support DevSecOps pipelines: automated scanning, IaC security, container/Kubernetes hardening
Oversee patch management and configuration compliance
Collaborate with product engineers to embed security into design, development, deployment, including AI features
Educate employees, tech teams, and clients on threats and secure practices
Run phishing simulations, security workshops, and compliance training
Promote security-first culture
Track and summarize security posture data and KPIs for senior leadership

Skills

Information Security

Cloud Security

Application Security

AI Security

Secure Architecture

Identity Management

Risk Management

Security Governance

DevSecOps

Security Standards

S&P Global

Provides financial information and analytics services

About S&P Global

S&P Global provides financial information and analytics to a wide range of clients, including investors, corporations, and governments. The company offers services such as credit ratings, market intelligence, and indices, which help clients understand and navigate the global financial market. S&P Global's products work by utilizing advanced data analytics and research to deliver insights that assist clients in making informed decisions and managing risks. Unlike many competitors, S&P Global has a diverse range of divisions, including S&P Global Ratings and S&P Dow Jones Indices, which allows it to cater to various financial needs. The company's goal is to support clients in driving growth while also committing to corporate responsibility and positive societal impact.

New York City, New YorkHeadquarters

1917Year Founded

IPOCompany Stage

Data & Analytics, Financial ServicesIndustries

10,001+Employees

Benefits

Health Insurance

Unlimited Paid Time Off

Professional Development Budget

401(k) Company Match

Family Planning Benefits

Employee Discounts

Risks

Integration challenges with new acquisitions like ProntoNLP may cause operational issues.

Increased competition from AI-driven platforms like Brooklyn Investment Group.

Dependence on volatile credit ratings market could impact revenue stability.

Differentiation

S&P Global integrates advanced AI tools for superior financial analytics capabilities.

The company offers comprehensive ESG solutions, meeting growing sustainability demands.

S&P Global's diverse divisions provide a wide range of financial services globally.

Upsides

Acquisition of ProntoNLP boosts data analytics and sentiment scoring capabilities.

Rising demand for ESG data enhances S&P Global's market position.

Expansion into India strengthens S&P Global's research and insights offerings.

Land your dream remote job 3x faster with AI

Try Jobo Free