S&p global corporate
technology control officer
the team: digital solutions (ds) is an enterprise-shared technology service enabling people, functions, and divisions. We drive s&p global to power the markets of the future by working as trusted partners delivering secure, scalable, resilient, and innovative services and solutions that enable seamless experiences for our people and customers.
responsibilities:
exception management
- oversee the filing, tracking, and closure of exceptions within the organization's risk framework.
* ensure timely resolution of exceptions while maintaining compliance with internal policies and external regulations.
audit coordination
- serve as the primary point of contact for all internal and external audits related to technology controls.
* coordinate audit activities, including preparation of documentation, facilitating meetings, and addressing audit findings.
* ensure successful completion of audits by validating corrective actions and issue remediation.
issue management
- manage the issue management process (e.g., maps), including filing, tracking progress, and ensuring timely closure of issues.
* conduct root cause analyses for identified issues and implement corrective actions to prevent recurrence.
* develop structured resolution plans for high-priority issues and monitor their execution.
vulnerability management
- prioritize and track all identified vulnerabilities across the organization's it systems.
* collaborate with it teams to ensure timely remediation of vulnerabilities based on severity and risk impact.
self-assessments
- execute regular self-assessments to evaluate the effectiveness of existing controls.
* identify gaps or weaknesses in controls and recommend improvements to mitigate risks.
disaster recovery (dr) & business continuity (bc) testing
- plan, execute, and document dr/bc testing exercises to ensure organizational resilience during disruptions.
* identify gaps during testing and implement strategies to enhance recovery capabilities.
control management & sox testing
- oversee the lifecycle of controls, including designing new controls or modifying/retiring existing ones.
* conduct sox (sarbanes-oxley) testing to ensure compliance with financial reporting requirements.
* collaborate with stakeholders to maintain adherence to it general controls (itgcs) and other regulatory standards.
what we're looking for:
basic required qualifications:
- bachelor's degree in a relevant field such as engineering, business, or information technology.
* 6+ years of experience in technology risk management and internal controls implementation, including both building and operating a function.
* proven ability to convey complex risk topics to varied audiences, including executive leadership and technical teams.
* successful track record in a global environment, with strong relationship-building and communication skills.
* exceptional analytical skills and problem-solving abilities, with experience in high-pressure environments.
certifications (preferred)
- cisa (certified information systems auditor)
* cissp (certified information systems security professional)
* crisc (certified in risk and information systems control)
* cism (certified information security manager)
location: cdmx - santa fe (2-3 days onsite a week)