S&P Global Corporate
Senior Vendor Cyber Risk Analyst
As part of Corporate Risk Management / Business Delivery Risk Management, the Vendor Cyber Risk Management team manages supply chain cyber risks by performing risk assessments of third-party engagements to identify and reduce the risks posed by third parties. This is an extremely important role, considering the fact that 63% of data breaches happen due to third parties. It involves working with internal stakeholders as well as third parties to achieve the results.
This role helps reduce the cyber risk posed by third parties and protects S&P Global brands against possible attacks against our information assets by threat actors via backdoors created by our vendors.
What's In It For You
Third party risk management is one of the fast-growing areas in financial services companies. The rapid pace of adoption of cloud applications (SaaS) and Business Process Outsourcing (BPO) has made this even more critical as regulators pay a lot of attention as to how companies manage third-party risk.
What We're Looking For:
- Bachelor's degree in Computer Science or engineering or equivalent
- Experience: Minimum 8 years of experience in Information Technology or Risk Management, out of which a minimum of 4 years with Information Security or Technology Risk Management
- Experience with Information Security and/or Technology Risk Management, servicing US-based large financial services companies
- Ability to assess controls with respect to cloud applications as well as organization-wide controls
- Demonstrable understanding of the concepts of technology controls and information security controls
- Strong communication skills are a must. The resource should be able to communicate effectively with cross-functional teams and external vendors; both written and oral communication are critical
- The candidate is required to act as a "go-to" person for the rest of the team.
- The candidate is also expected to perform complex risk assessments of cloud service providers.
- Ability to come up with risk metrics to enhance our existing procedures is highly desired.
- This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours
- Exposure to cloud technologies and cloud security is highly desired; familiarity with public cloud technologies such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud is highly preferred
- Any prior exposure to vendor risk management is a plus
- Certifications: Information Security and risk management certification (e.g. ISACA/CRISC, SANS/GIAC, ISC2 CISSP, ISACA/CISA) is desirable but not a must
- Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors
Return to Work:
Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative, we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.
About Company Statement:
S&P Global delivers essential intelligence that powers decision making. We provide the world's leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you'll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to:
and your request will be forwarded to the appropriate person.
US Candidates Only:
The EEO is the Law Poster describes discrimination protections under federal law.
20 – Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 – Middle Professional Tier I (EEO Job Group)