Lead,InformationSecurity

# **About the Role:** **Grade Level (for internal use):** 11 About the Role: The Team: The SPGI Market Intelligence InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is well protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle. Responsibilities and Impact: * Responsible AI * Secure AI and Agentic AI system development * Build and drive a coherent, scalable application security and SecDevOps program across the division, ensuring alignment with the corporate security strategy, capabilities, and policies. * Champion the adoption of security practices within the DevOps cycle to proactively address risks and enhance the security posture of development projects. * Design and promote secure coding practices, training and assets for application development teams. * Implement threat modeling practices to identify and assess potential security threats early in the development lifecycle. This proactive approach will facilitate the design of robust security controls, ensuring that applications are resilient against emerging threats. * Manage and report on application security performance, metrics, and KPIs. Required Qualifications: Hands on Experience & ability to run: * AI and Agentic AI Security reviews * Cloud Security * Dynamic vulnerability assessments (DAST) * Static vulnerability assessments (SAST) – Code reviews * Software composition analysis (SCA) * Mobile vulnerability Assessments (MVA) – IOS & Android * Penetration Testing * Product engagement * Engage closely with business units to understand their security requirements and align security capabilities accordingly. * Identi