S&P Global Manager, Technology Risk Management in New York, New York


Manager, Technology Risk Management (RCSA)

The Location:

Denver, Colorado

The Position:

S&P Global is seeking an experienced technology risk management manager that will work with our technology risk management team to develop and maintain key technology risk programs and activities for the second line of defense. The Technology Risk Management function is part of the Corporate Risk Management function. Specifically, the candidate will be responsible for with the design, development, implementation, and management of the Enterprise wide IT Risk and Controls Self-Assessment Framework and Process as part of the second line of defense. The candidate will collaborate with key information technology partners across the organization to understand the technology risk landscape, control environment, programs and activities. The candidate must have an understanding of technology risks and controls, risk management concepts, and information technology processes. Additionally, the candidate should be able to effectively collaborate with multiple stakeholders and have the ability to distill information for management and executive-level reporting.

Position Reporting:

reports to the Head of Technology Risk Management.

Key Responsibilities:

  • Design, develop, and implement the Enterprise wide IT Risk and Controls Self-Assessment (RCSA) Framework and Process.

  • Work with the first line of defense to operationalize the RCSA program and provide oversight over the program.

  • Support ongoing enhancement to the RCSA program.

  • Participate in risk working groups to help promote, champion the technology risk agenda across the organization and help enhance the overall risk culture.

  • Support the standardization of risk controls, risk management processes and procedures, and ensure adherence to company policy and procedures.

  • Partner with Enterprise Risk Management (ERM) to understand RCSA requirements and tailor requirements for IT.

  • Develop training, reference materials, and tools to support the IT RCSA program.

  • Provide program support to Division IT and Business during the RCSA assessment.

  • Develop applicable KRIs to monitor the RCSA program.

  • Develop RCSA dashboards and reporting mechanism to provide an aggregate and individual view of RCSA results and trends.

  • Perform post-mortem analysis on RCSA results to provide trends and improvement opportunities across our business lines and across the Enterprise.

    • Lead projects and - or activities that ensure continuous improvement and integration across our risk programs and risk management disciplines.

Basic Qualifications:

  • Experience in designing and developing, implementing, and managing technology risk programs and activities.

  • Experience knowledge of IT risks and controls.

  • Broad knowledge of relevant industry framework and technical standards (e.g. COBIT, RISK IT, ISO31000, NIST, COSO, etc.).

  • Knowledge of Cybersecurity (e.g. access management, data security, etc.), availability (e.g. incident and change management, capacity management), and business continuity risks and controls.

  • Strong knowledge of risk management processes.

  • Advance understanding and experience in MS Excel, MS access, SQL, Visual Basics.

  • Strong proficiency in PowerPoint and creating executive level dashboards.

  • Proficiency in data analysis, i.e. identifying relevant sources of data, performing analysis and report on findings.

  • Highly articulate with strong communication skills.

  • Consistently able to produce high quality deliverable's while working under pressure to tight deadlines and ambiguity.

  • Organized and self- motivated with ability to work independently, multi-task, and manage conflicting priorities

  • Ability to facilitate group discussions and debate across geographic, functional lines and levels.

  • 9 years plus of experience is Risk Management and 3 years plus information technology experience preferred

    • Bachelors - Undergraduate Degree

Preferred Skills - Experience:

  • Problem Solving:*

    Uses conceptual and innovative thinking (i.e., identifying new - different solutions) to solve issues. Looks beyond immediate problems for wider implications and determines best path forward.

  • Interpersonal Skills:*

    Ability to negotiate internally (fact based and credible). Needs to be a self-starter who can build relationships and uses judgement when working with key stakeholder and partners to gain consensus. Needs to have the qualities of a team player but be able to work independently.

    • Awareness of and experience with common Governance, Risk and Compliance (GRC) Platforms and tools used for data collection, aggregation and reporting.

    • Comfortable working with ambiguity and managing and resolving complex issues.

    • Experience in regulated industries or at Top 4 consulting firms is a plus.

Key Relationships:

  • Work with key stakeholder in Information Technology

  • Work with risk liaisons

  • Work with other control functions (Audit, BCM, Vendor Risk , ERM, Compliance)

  • Reporting to Head of Technology Risk Management

  • No direct reports, but strong influential skills required]

About S&P Global

At S&P Global, we don t give you intelligencewe give you essential intelligence. The essential intelligence you need to make decisions with conviction. We re the world s foremost provider of ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include:

  • S&P Global Ratings, which provides credit ratings, research and insights essential to driving growth and transparency.

  • S&P Global Market Intelligence, which provides insights into companies, markets and data so that business and financial decisions can be made with conviction.

  • S&P Dow Jones Indices, the world s largest resource for iconic and innovative indices, which helps investors pinpoint global opportunities.

  • S&P Global Platts, which equips customers to identify and seize opportunities in energy and commodities, stimulating business growth and market transparency.

To all recruitment agencies:

S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race - ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to:

EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.