S&P Global Corporate The Role
: Senior Vendor Cyber Risk Analyst The Team:
As part of Third-Party Risk Management (TPRM) program, the "TPRM - Cyber Risk" team manages the Supply Chain Cyber risks by performing risk assessments of third-party engagements to identify and mitigate the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stake holders as well as third parties to achieve the results. The Impact:
This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoor created by our vendors. What's in it for you:
Third Party Risk Management is one of the areas in financial services companies that are fast gaining prominence. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has increased the Third-Party risks and made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk. What We're Looking For: Basic Qualifications:
- Bachelor's degree in Computer Science or engineering or equivalent
- Experience: Minimum 5 years of experience in Information Technology or Cybersecurity, or Risk Management, out of which a minimum of 3 years with Information Security or Risk Management
- Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies
- Ability to assess controls with respect to cloud applications as well as organization-wide controls
- Demonstrable understanding of the concepts of technology controls and information security controls
- Strong communication skills are a must. The resource should be able to effectively communicate with cross-functional teams and external vendors, both written and oral communication is critical
- This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours
- Exposure to cloud technologies and cloud security is highly desired; expertise with public cloud technologies such as Amazon Web Services (AWS) or Microsoft Azure or Google Cloud is highly preferred
- Any prior exposure to Third Party Risk Management is a plus
- Certifications: Information Security and risk management certification (e.g., ISACA/CRISC, SANS/GIAC, ISC2 CISSP, ISACA/CISA) is desirable but not a must
- Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors
: Kuala Lumpur OR Penang About Company Statement: S&P Global delivers essential intelligence that powers decision-making.
We provide the world's leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you'll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape. S&P Global Corporate:
At S&P Global, we don't give you intelligence-we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com .
S&P Global has a Securities Disclosure and Trading Policy ("the Policy") that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy's requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. Equal Opportunity Employer:
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com
and your request will be forwarded to the appropriate person. US Candidates Only:
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.