Counsel – Vendor Risk and Data Security
Posted Oct 7, 2021 - Requisition No. 96210
Bloomberg’s Legal & Compliance Department plays a critical role in supporting our businesses and operations around the world. We move quickly and thoughtfully to help address a variety of complex legal issues that come with being the world’s leading financial news and information company. Our team is made up of talented and hardworking professionals who think creatively and work collaboratively in an open environment to deliver results, drive innovation, and solve difficult problems. Diversity and inclusion are essential to our success, and we strive to maintain an environment where all our employees are empowered to make an impact. We also believe that helping those in need is a fundamental obligation of legal professionals, as evidenced by our award-winning pro bono program!
The Data Security team within Bloomberg's Legal Department advises the Company on cybersecurity, data use and governance, information security, data localization and sovereignty, telecommunications/transmission, electronic communications, voice services, and broadcast regulatory requirements on a global basis. Our team is involved in every stage of product development and data management processes, including vendor data and risk management, vendor and customer agreements, data center and networks management, product design, incident management, technical security, access controls, broadcast radio regulatory compliance, and employee matters. We work closely with Bloomberg’s Chief Technology, Chief Risk & Compliance, Vendor Risk Management, Cloud Governance, Information and Product Security, and TV and Radio teams to ensure awareness of and compliance with industry trends and regulations, implement global training programs, and manage cybersecurity and data risk across the business.
The Vendor Risk and Data Security counsel will focus on digital and technology transactions, supporting commercial counsel utilizing your subject matter expertise on data security, data use, cross-border data transfer, data localization, and related issues.
Be the responsible Legal subject matter expert on vendor cybersecurity and data use risk, which includes:
- Support the Commercial Contracts Legal team to negotiate information security, data governance, data location, cross-border data transfer, data transmission, and privacy language in vendor agreements, including SaaS agreements, software and technology licenses, MSAs, content licenses, e-commerce agreements, and GDPR SCCs.
- Support the Networks and Data Center teams to negotiate technology agreements, including connectivity, voice and telecommunications services and co-locations. You will advise the Vendor Incident Response team, advising on vendor incident events, remediation activities, and breach and incident notifications. You will:
- Ensure Bloomberg’s information security policy and regulatory compliance across vendor engagements
- Assist the Vendor Risk Team to maintain and update its vendor risk assessment process.
- Identify trends and developments in regulatory requirements and industry practices to improve vendor information security risk management and incident response processes
- Participate with the Vendor Risk team in tabletop and related exercises to test the vendor risk management program. Be a proactive and knowledgeable member of the team and assist to:
- Provide day-to-day cybersecurity, data risk management, and vendor agreement negotiations advice.
- Assisting to develop and deliver recorded and in-person trainings in connection with your practice areas
You’ll need to have:
- Membership in the New York State Bar or the necessary qualifications to register as in-house counsel, and willingness to work in New York, NY
- 4-8 years of legal experience in technology contracting involving information security (e.g. software, hardware, SaaS, IaaS, fintech, sponsorship, licensing, telecommunications)
- Subject matter expertise in transactional, cybersecurity, information security, data governance, data location, data transmission, privacy (eg, GDPR SCCs, data transfers), and incident response laws, rules, regulations, and industry standards
- Ability to respond quickly and pragmatically to urgent situations. Ability to prioritize and resolve issues promptly and effectively
- Ability to explain complex concepts, build consensus, think creatively, and collaborate to address company needs, including with security and risk professionals, engineers, data scientists, software developers, product developers, Human Resources, and other teams
- Curiosity, interest, engagement, and the ability to investigate and surface business needs, gaps, and risks in connection with vendor use
- Ability to adapt to a changing environment and willingness to develop new skills and expertise
- Desire to become a key contributor to the success of our team and company
We’d love to see:
- Experience advising on telecommunications and security issues related to managing data centers, network, and data transmission infrastructure
- Experience with telecommunications, broadcast, voice, ISP, and/or cloud usage regulatory requirements, licensing, and compliance.
- Experience working with regulated financial institutions, software, or other technology companies
- Experience negotiating data, privacy, and cybersecurity related terms in mergers & acquisitions, third party partnerships
- Law firm and In-house experience
If this sounds like you:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: http://www.bloomberg.com/professional
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.