Lead InfoSec Engineer, Vulnerability Management
New York City, NY - USA
Job Summary
About the Role:
Grade Level (for internal use):
11The Team:
Our Information Security team is a growing corporate enterprise function that operates cross-divisionally to enable business success through proactive security practices. Were transforming our approach from reactive response to proactive risk management building technology-enabled environments that support innovation while maintaining a strong security posture. As a collaborative team we partner across all divisions to ensure security becomes an enabler rather than a barrier to business objectives.
Responsibilities and Impact:
Lead enterprise-wide vulnerability management lifecycle across infrastructure cloud and application environments providing strategic oversight and risk-based prioritization to protect critical business assets
Drive cross-functional collaboration with application teams IT managers and business stakeholders to ensure timely vulnerability remediation while balancing security requirements with business priorities
Develop comprehensive reporting and metrics programs using multiple data sources to provide executive leadership with clear visibility into organizational security posture and risk trends
Mentor and guide junior security professionals while contributing to program maturity through process improvements governance frameworks and tooling strategy development
Support regulatory compliance and audit activities by ensuring alignment with enterprise security policies industry standards and emerging technology risk management requirements
Establish and monitor key performance indicators for vulnerability remediation creating accountability frameworks that drive measurable improvements in security outcomes
What Were Looking For:
Basic Required Qualifications:
7 years of operational security experience in vulnerability management application security testing or technical project management within large-scale distributed enterprise environments
Deep expertise in vulnerability assessment frameworks including CVE CVSS CWE and experience with enterprise vulnerability management platforms such as Qualys Tanium Rapid7 or similar solutions
Strong application security knowledge with ability to assess risk map vulnerabilities to exploitation techniques and translate complex technical findings into actionable business recommendations
Experience with application security testing tools including DAST/SAST platforms such as Fortify Checkmarx Veracode or equivalent application security testing solutions
Bachelors degree in Computer Science Cybersecurity Information Technology or equivalent professional experience in information security roles
Proven leadership and influence capabilities with demonstrated ability to drive cross-functional initiatives and stakeholder alignment without direct authority
Excellent analytical and communication skills with the ability to present security risks and recommendations to both technical teams and executive audiences
Relevant information security certifications such as CISSP CISM CEH GCIH or equivalent industry-recognized credentials
Additional Preferred Qualifications:
Advanced vulnerability management expertise with experience leading complex assessments across on-premises and cloud environments including network application and configuration scanning with a deep understanding of remediation strategies
Proficiency in security reporting and analytics tools such as Power BI Tableau or similar platforms for developing executive-level dashboards and security metrics visualization
Strong knowledge of information security frameworks including NIST Cybersecurity Framework ISO 27001 and risk management methodologies with experience supporting audit and regulatory compliance activities
Foundational understanding of emerging technologies including cloud platforms AI/ML systems and associated security risks such as model vulnerabilities and data protection considerations
Compensation/Benefits Information:(This section is only applicable to US candidates)
S&P Globalstatesthat theanticipatedbase salary range for this position is $125000 to $145000. Final base salary for this role will be based on the individuals geographic location as well as experience level skill set traininglicensesand certifications.
In addition to base compensation this role is eligible for an annual incentive plan.
This role is eligible to receiveadditionalS&P Global benefits. For more information on thebenefitswe provide to our employees please clickhere.
Whats In It For You
Our Mission:
Advancing Essential Intelligence.
Our People:
Were more than 35000 strong worldwideso were able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. Were committed to a more equitable future and to helping our customers find new sustainable ways of doing business. Join us and help create the critical insights that truly make a difference.
Our Values:
Integrity Discovery Partnership
Throughout our history the worlds leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do bring a spirit of discovery to our work and collaborate in close partnership with each other and our customers to achieve shared goals.
Benefits:
We take care of you so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global.
Our benefits include:
Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay retirement planning a continuing education program with a company-matched student loan contribution and financial wellness programs.
Family Friendly Perks: Its not just about you. S&P Global has perks for your partners and little ones too with some best-in class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awardssmall perks can make a big difference.
For more information on benefits by country visit: Hiring and Opportunity at S&P Global:
At S&P Global we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills experience and contributions. Our hiring practices emphasize fairness transparency and merit ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration we drive innovation and power global markets.
Recruitment Fraud Alert:
If you receive an email from a domain or any other regionally based domains it is a scam and should be reported to. S&P Global never requires any candidate to pay money for job applications interviews offer letters pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines fraudulent domains and how to report suspicious activityhere.
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity color religion sex sexual orientation gender identity national origin age disability marital status military veteran status unemployment status or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability please send an email to:and your request will be forwarded to the appropriate person.
US Candidates Only:Know Your Rights: Workplace discrimination is illegal
Required Experience:
IC
About Company
We provide Essential Intelligence: a combination of the right data, connected technologies and experts to enable our customers to make decisions with conviction.