Cybersecurity Compliance and Controls Analyst The Location
: Denver, CO (Hybrid); Remote- US Grade
: 12 The Impact:
This position provides support and guidance to the Market Intelligence organization SOC program across numerous product areas specifically focused on control areas of the enterprise, cybersecurity and IT operational controls. Oversight will also be provided for internal audits as well as other associated compliance frameworks. Responsibilities:
What We're Looking For: Basic Qualifications:
- Develops controls, identifying gaps and tracking items to resolution for the MI Division.
- Identify process gaps and facilitate improvements by working across groups and other departments.
- Monitor the work with stakeholders and staff to maintain the remediation plans and produce periodic status and compliance reports.
- Develop and provide knowledge, knowledge resources, and guidance to MI staff regarding control activities.
- Establish relationships and interact with all levels within multiple groups to ensure compliance activities are understood and completed appropriately, building consistent and accurate responses for audits.
- Perform various control assessments as required to test compliance capabilities for various processes and systems.
- Manages the overall control framework documentation as it relates to SOC and owns the associated evidence for virtual data library.
- Develops a self-service model for various product groups for common evidence.
- Work closely with Internal Audit in control areas that support SOC audits as well as for product audits.
- Standardized the SOC controls across products and auditors.
- Provide ongoing support and guidance to the product areas in all aspects of SOC reporting and audits.
- Partners with the audit firms through the lifecycle of the various audits and manages their overall performance as well as the point for escalations.
- Preliminarily assess 3rd party providers to the product areas.
- Ensure that training and coaching programs are developed, implemented and effective for targeted staff to understand and support the control environment.
- Function as a strong contributor to the MI Cyber Risk and Compliance team, participating in special projects and task forces as required. Support, communicate, reinforce, and defend the mission, values, philosophy and culture of the organization.
- Assist in maintaining compliance documentation including policies, standards, and procedures, reports, etc.
- Undertake additional work as directed.
Compensation and Benefits Information:
- Minimum 10+ years overall business experience showing flexibility and broad exposure to various areas
- Minimum 10+ years' experience in IT/Information Security roles involving execution or oversight of controls, program management or other compliance activities.
- Significant experience in cloud technology
- Strong knowledge of application development, infrastructure, and cyber security.
- Knowledge of technology/security related regulations and standards like ISO 27001 and 27002, SOX, and SOC Type 2 reports
- Bachelor Degree, or equivalent prior work experience
- Good interpersonal skills - must be able to work effectively as part of or leading a virtual project/program team and foster team cooperation.
- Desire to learn about and stay current with a complex and rapidly changing environment.
- Problem-solving skills, creative and collaborative in finding solutions related to complex and multilayered problems.
- Critical thinking with the ability to use logic and reasoning to identify strengths and weaknesses of alternative solutions, conclusion, or approaches.
- Ability to work in a geographically dispersed team and independently with minimum supervision.
- Ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems while remaining well organized.
- Sound business judgment and ability to make independent decisions
- Attention to detail
- Microsoft Office Suite, particularly Excel and SharePoint
S&P Global states that the anticipated base salary range for this position is $103,800 - $206,350. Base salary ranges may vary by geographic location.
In addition to base compensation, this role is eligible for an annual incentive bonus.
This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, visit
https://www.spgbenefitessentials.com/newhires About S&P Global Market Intelligence:
At S&P Global Market Intelligence, we know that not all information is important-some of it is vital. Accurate, deep and insightful. We integrate financial and industry data, research and news into tools that help track performance, generate alpha, identify investment ideas, understand competitive and industry dynamics, perform valuation and assess credit risk. Investment professionals, government agencies, corporations and universities globally can gain the intelligence essential to making business and financial decisions with conviction.
----------------------------------------------------------- Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only:
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID:
283333 Posted On:
Virtual, Colorado, United States