Lead Information Security Engineer

As a Lead Information Security Engineer at S&P Global Market Intelligence, you will strengthen AI, cloud, application, and development security. This role involves acting as a key liaison between security operations and product engineering teams, driving the design and implementation of secure solutions and remediation across various environments. You will define security standards, conduct risk assessments, manage incident response, and embed security into product development, ensuring compliance and fostering a security-first culture. This position offers significant impact and influence across the enterprise.

Must Have

• Liaise between centralized security and product/infrastructure teams.
• Define and maintain security standards, patterns, and best practices, including secure AI development.
• Advise on secure architecture, IAM, AI model/data protections, and cloud configurations.
• Enforce security policies, standards, and procedures.
• Conduct risk assessments, threat modeling, and security posture evaluations.
• Communicate security requirements and risks to stakeholders.
• Support security assessments and recommend risk mitigation.
• Align security practices with NIST CSF, ISO 27001, CIS Controls, COBIT.
• Ensure compliance with GDPR, HIPAA, SOC 2, PCI DSS, SOX.
• Monitor, detect, and respond to threats using SOC and SIEM tools.
• Manage the incident response lifecycle.
• Perform vulnerability scanning, penetration testing, and red/blue team exercises.
• Integrate AI-driven threat intelligence and anomaly detection.
• Partner with engineering for security remediation activities.
• Secure networks, endpoints, databases, and cloud-native workloads.
• Apply encryption, DLP, and secure coding standards.
• Support DevSecOps pipelines, IaC security, container/Kubernetes hardening.
• Oversee patch management and configuration compliance.
• Embed security into system design, development, and deployment, including AI features.
• Educate employees and tech teams on emerging threats and secure practices.
• Run phishing simulations, security workshops, and compliance training.
• Promote a security-first culture.
• Summarize security posture data for leadership.
• Track KPIs like MTTD, MTTR, SLA adherence.
• Provide dashboards and reports for leadership, clients, and regulators.
• Conduct root cause analysis and implement lessons learned.
• Drive continuous improvement via automation, AI adoption, and process optimization.
• Possess 10+ years of IT security experience.

Perks & Benefits

• Health & Wellness: Health care coverage designed for the mind and body.
• Flexible Downtime: Generous time off helps keep you energized for your time on.
• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Family Friendly Perks: Perks for partners and little ones, with best-in-class benefits for families.
• Beyond the Basics: From retail discounts to referral incentive awards.

About the Role:

Grade Level (for internal use):

13

The Role: Lead Information Security Engineer

The Team: We are seeking a Senior IT Security Engineer to strengthen our AI, cloud, application, and development security posture. This role will serve as a key liaison between the centralized Enterprise Solutions security operations team and product engineering teams, driving the design and implementation of secure solutions and remediation activities across AI, cloud, infrastructure, and application environments.

The Impact: This is an excellent opportunity to join Enterprise Solutions as we transform and harmonize our infrastructure into a unified place while also developing your skills and furthering your career as we plan to power the markets of the future.

What’s in it for you: In this role, you’ll have the opportunity to shape the Enterprise Solutions AI, cloud, and application security strategy, directly influence product design and remediation efforts, and collaborate across engineering teams to strengthen our overall security posture. You’ll play a critical role in bridging security with product development, giving you visibility, impact, and influence across the enterprise.

Responsibilities: This role is responsible for partnering with product engineering teams to design and implement security remediation activities, while serving as the bridge between centralized security and development. The position focuses on applying cloud, application, and development security principles to ensure secure architectures, effective risk mitigation, and consistent adoption of security best practices across product environments.

• Governance & Risk Management
• Act as a liaison between the centralized security function and product development and infrastructure support teams.
• Contribute to defining and maintaining security standards, patterns, and best practices, including secure AI development guidelines.
• Review and advise on secure architecture, identity and access management, AI model/data protections, and cloud configurations.
• Define and enforce security policies, standards, and procedures.
• Conduct risk assessments, threat modeling, and security posture evaluations.
• Communicate security requirements and risks effectively to both technical and non-technical stakeholders.
• Support security assessments and provide recommendations for risk mitigation across cloud, application, and AI workloads.
• Align security practices with frameworks (NIST CSF, ISO 27001, CIS Controls, COBIT).
• Ensure compliance with regulations (GDPR, HIPAA, SOC 2, PCI DSS, SOX).

• Security Operations (SecOps)
• Monitor, detect, and respond to threats via SOC and SIEM tools (e.g., Splunk, Sentinel).
• Manage incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
• Perform vulnerability scanning, penetration testing, and red/blue team exercises.
• Integrate AI-driven threat intelligence, anomaly detection, and exploit likelihood scoring (e.g., EPSS).
• Partner with engineering teams to design and implement security remediation activities.

• Infrastructure & Application Security
• Secure networks, endpoints, databases, and cloud-native workloads.
• Apply encryption, data loss prevention (DLP), and secure coding standards.
• Support DevSecOps pipelines: automated scanning, IaC security, container/Kubernetes hardening.
• Oversee patch management and configuration compliance processes.
• Collaborate with product engineers to embed security into system design, development, and deployment, including AI-enabled features.
• Awareness & Training
• Educate employees, tech teams, and clients on emerging threats and secure practices.
• Run phishing simulations, security workshops, and compliance training.
• Promote a culture of security-first thinking across the enterprise.

• Metrics, Reporting & Continuous Improvement
• Understand and be able summarize security posture data for a large application and infrastructure portfolio to senior level leadership.
• Track KPIs such as mean-time-to-detect (MTTD), mean-time-to-respond (MTTR), SLA adherence.
• Provide dashboards and reports for leadership, clients, and regulators.
• Conduct root cause analysis post-incident and implement lessons learned.
• Drive continuous improvement through automation, AI adoption, and process optimization.

What we’re looking for:

• Strong knowledge of cloud security, with emphasis on AWS services and architecture.
• Experience with AI security frameworks and guidance (e.g., NIST AI RMF, OWASP Top 10 for LLM Applications, MITRE ATLAS).
• Experience in application and development security, including secure coding practices and CI/CD integration.
• Working knowledge of IAM, container security, AI/ML security considerations, SAST/DAST tooling, and DevSecOps practices.
• Understanding of AI risk areas (model misuse, data poisoning, privacy leakage, prompt/content manipulation) and emerging mitigation strategies.
• Proven ability to collaborate with engineering teams to deliver security solutions and remediation.
• Broad understanding of security domains, with the ability to evaluate and recommend tools and processes, including those supporting AI workloads.
• Strong problem-solving, communication, and cross-functional collaboration skills.
• 10+ years of IT security experience, with demonstrated success in senior or strategic security engineering roles.

About S&P Global Market Intelligence

At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction.

For more information, visit www.spglobal.com/marketintelligence.

What’s In It For You?

Our Purpose:

Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world.

Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.

Our People:

We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.

From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference.

Our Values:

Integrity, Discovery, Partnership

At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:

We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include:

• Health & Wellness: Health care coverage designed for the mind and body.
• Flexible Downtime: Generous time off helps keep you energized for your time on.
• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
• Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

Global Hiring and Opportunity at S&P Global:

At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets.