S&P Global
Associate Director - Lead Application Security
The complete job description, requirements, and application details are available on the original posting.
About S&P Global
S&P Global Inc. is a prominent American corporation based in Manhattan, New York, specializing in financial information, analytics, credit ratings, benchmarks, and intelligence in energy and commodities. Founded in 1860 by Henry Varnum Poor, the company has evolved significantly, particularly after the merger that created Standard & Poor's in 1941. It has grown from a niche provider of railroad data to a global leader serving various markets. The company offers Essential Intelligence®, which combines data, technology, and expertise to provide insights for risk management and opportunities across global markets. Its divisions include Market Intelligence, Ratings, Commodities and Energy, and Private Markets, serving a diverse clientele that includes 100% of Fortune Global 100 and 80% of Fortune Global 500 companies. S&P Global operates in over 150 countries and is committed to integrity, discovery, and partnership in its operations.
Security at S&P Global
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- S&P Global's AppSec philosophy is centered on a proactive, "shift-left" approach, integrating security throughout the SDLC and fostering collaboration with developers.
- Their mission, led by the CISO, is to manage and enhance the enterprise security structure to prevent cybersecurity incidents and increase system resilience.
- They aim to enable developers to efficiently address vulnerabilities and adopt a multi-layered approach to risk management, continuously updating strategies to mitigate threats.
- Key goals include transitioning from reactive to proactive security postures and building a remediation support team that developers are eager to work with.
Security Team
The S&P Global AppSec team includes key leaders such as Pardhiv Reddy, Head of Application Security, and Krishna Chaganti, Associate Director of AppSec. The Head of Security Engineering reports to the VP of Business Information Security Officer (EDO BISO). While the exact team size is not publicly available, recent job postings indicate a focus on roles like Head of Security Engineering and Cloud & Application Security Engineer. Common skills sought include cloud security (AWS, GCP, Azure), application security (OWASP Top 10, SAST/DAST/SCA), container and API security, AI/ML security, threat modeling, red teaming, incident response, Python/Go scripting, secure SDLC, DevSecOps, and shift-left practices.
Key Initiatives
S&P Global actively integrates security testing earlier in the Software Development Lifecycle (SDLC) as part of its "shift-left" strategy. The team conducts threat modeling, red team exercises, and adversarial simulations, particularly for generative AI, to promote secure SDLC adoption. Their vulnerability management process involves handling dynamic and static assessments, coordinating vulnerability triage across thousands of assets, and contributing to community initiatives like DVDB and bug bounty programs. They also focus on building and mentoring security engineering teams for vulnerability management, and on unifying application, cloud, and infrastructure security using Application Security Posture Management (ASPM). Furthermore, S&P Global leverages Agentic AI, including ArmorCode's Virtual Security Champion (Anya), to streamline access to security metrics and contextual data. No public evidence was found of a Security Champions Program.