Vendor Information Risk Manager
New York, NY
Posted May 31, 2022 - Requisition No. 102179
Vendor Risk Management (VRM) is part of the Chief Risk and Compliance Office (CRCO) and is responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of Information Security, Operational Resilience and Data Privacy risks introduced by vendors and other third-party service providers.
What's The Role?
We are looking for a Vendor Information Security Risk Manager with a background in Information Security and Technology Risk Management. You will drive assessment and remediation activities across our vendor population while contributing to strategic initiatives to enhance the overall Vendor Risk program in line with our transformation roadmap. Your work will add value to business units that use third parties to achieve their goals, by helping them appropriately manage vendor risk.
We'll Trust You To:
- Conduct assessments, continuously monitor and report on Vendor Information risks for one or more Business Units to which you will be assigned coverage
- Coordinate risk mitigation activities with vendors and Bloomberg Business Units
- Interpret, train on and enforce compliance with the Bloomberg Vendor Risk Management Standard and Procedures
- Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives
- Lead key VIRM activities and demonstrate understanding of the top and material information risks affecting Bloomberg and our clients
- Act as subject matter expert on VIRM matters supporting Business Unit(s) for which you are responsible
- Provide advisory support to Business Unit(s) on risk
- Provide and coordinate input to key compliance, legal and regulatory initiatives
- Demonstrate existing or develop targeted material to deliver actionable risk reporting to Business Units as needed
- Participate in select risk committees / working groups
You’ll Need To Have:
- Bachelor’s degree or Master’s degree in Computer Science, Information Security, Business Management or equivalent industry experience
- 6+ years of experience working in the field of Risk Assurance, Risk Management, Internal Audit or other Compliance-related experience
- An understanding of Cloud Computing and how to assess cloud-related risks
- Familiarity with Federal regulations regarding third-party service providers
- Familiarity with Information Risk Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS)
- Familiarity with Data Privacy regulations and industry standards (e.g. HIPAA, GDPR, CCPA)
- Familiarity with Vendor Risk Assessment Frameworks/Tools (e.g. SIG/SIG Lite, CAIQ, CIS20, VSAQ, NIST 800-171)
- Technical knowledge in multiple risk domain areas such as application, architecture, system and network security, identity/access management, etc.
- Security knowledge on current threats, trends, and mitigations
- Skilled in risk management, technical risk analysis, and making complex business/risk trade-off recommendations and decisions
- Understanding of impact of financial, technology and privacy regulations on Fintech products and services
- Demonstrated ability to lead and influence others
We’d Love to See (pluses):
- An understanding of supplier agreements, contractual terms and service level agreements
- Senior level written and verbal communication skills
- Demonstrated leadership, teamwork and collaboration skills
- Experience in generating automated metrics to measure IT security effectiveness and operational resilience
- Experience with Cloud-based IT architectures and security products
- Is independently driven, resourceful, and able to deliver results with minimal oversight
- Is able to develop and maintain internal and external relationships
- Is able to communicate clearly and effectively with Procurement, Engineering, Product management, and senior business leaders
- Has a strong sense of ownership, urgency, and drive
- Possesses industry certifications (CISSP, CISM, CTPRP, CIPP, CISA, GSEC, GIAC, etc.)
- Has an inquisitive mindset with interest in continuous learning and development
If This Sounds Like You:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email firstname.lastname@example.org.