Manager - Infrastructure and Cloud Security Audit
S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Global Head - Technology Audit & Data Analytics, you will be part of a global and diverse team with coverage for enterprise-wide Technology. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, Malaysia & Taiwan. The Technology Audit & Analytics team is a critical unit of the global Audit function and performs audits focusing on S&P Global Technologies (IT Infrastructure, Applications, Cyber Security).
This role will be part of technology audit team, focusing on audit plan management and execution of Technology audits globally. Further, this role will provide senior executives a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity.
What’s in it for you:
The role provides extraordinary learning opportunities and the ability to work with senior management across the Company. If you’re right for this role, you will meet and work with people across the Company in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities and data analytics practices to improve the audit testing techniques. The role provides opportunities to be flexible by adopting Agile methodology to perform audits. This role will be primarily accountable for S&P Global internal audits execution (planning, fieldwork, and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Infrastructure and Cloud Security and the associated risks for the SPGI Technologies across the globe. The incumbent will be expected to oversee independent audit and work effectively with members of the Audit Leadership team.
Assist in execution of Infrastructure & Cloud Security Audit with responsibility of ensuring the efficient and timely delivery of the approved Audit Plan.
Execute end-to-end audits as per the annual audit plan in the timely manner.
Review the outcomes and audit results, interface with key auditees for the agreement of remedial action plans and help enable smooth audit execution.
Partnering with the S&P Global Divisions/Corporate Technology functions to deepen stakeholder engagement.
Assist the Global Head - Technology Audit in development of the Annual Audit Plan by ensuring appropriate risk assessment of Technology Infrastructure, Cloud Technologies, IT Process, Operating Systems, Databases, Network Devices, Platforms and supporting technology systems in the enterprise.
Utilize digital next generation auditor capabilities, adopt agile practices, data analytics and automation to improve efficiency and quality of Audit execution.
Participate in external as well as Internal forums for staying up to date on Information and Cyber Security strategy, Compliance, Forensics, Internal Auditing, emerging trends, and successful practices in audits related to Information Security reviews.
Assist others in identifying and solving complex problems using audit expertise, judgment, and precedents.
Works with senior management of the business, external auditors, regulators, and professional counterparts to complete audits.
What We’re Looking For:
8+ years of experience handling large audit projects working with multi-function teams across diverse geographical regions.
Experience in financial services industry with deep industry knowledge and best practices in audit execution
Knowledge of risk management frameworks, regulatory requirements, Cloud Deployment Model (IaaS, PaaS, SaaS) and proficiently carrying out IT Cloud Architecture and Security Controls audit.
Experience of establishing an IT Process, Infrastructure, Cloud Architecture and Security Professionals function with responsibility of setting up audit practices, resources needed, team members required, etc.
Experience and deep understanding of vulnerability assessment / penetration testing tools such as Burpsuite, Metasploit, NMAP, Nessus, etc.
Use of data analytics tools such as Alteryx and Tableau is a plus.
Excellent report writing skills a must; good understanding of technology and proficient spreadsheet skills
Strong work ethic, initiative, teamwork, and flexibility to assist IA department in meeting organizational goals.
Excellent team collaboration skills and ability to work with people in a way that inspires, develops, and delivers results; demonstrated track record of integrity, innovation, and excellence.
A bachelor’s/master’s degree in Computer Science, Information Technology or related major
Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional – CISSP, Cloud Architect, Cloud Security, Cloud Audit and Compliance, Cloud Security Professional, Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
About S&P Global Corporate:
At S&P Global, we don’t give you intelligence—we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: [email protected]
and your request will be forwarded to the appropriate person.
US Candidates Only:
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)
Mumbai, Maharashtra, India