Who we are?
The Vendor Information Risk Management team within the Risk/Compliance Department is a key control function within the overall Risk Management process at Bloomberg. We are responsible for reviewing and assessing security controls of third parties to ensure the security and integrity of our data while in the possession of our vendors and partners. As part of the ongoing third party assessments performed, we identify issues, assigns appropriate risk ratings, and documents them according to Risk/Compliance Department’s Issue Management process.
What's the role?
We are looking for a Senior Information Security professional with a solid background in Information Security and Risk Management to help improve the overall Vendor Information Risk Management program and drive assessment and remediation activities across our vendor population.
You will be responsible for ensuring Bloomberg data remains secure and that all risks, vulnerabilities and defects are managed, tracked, and remediated according to policy and/or best practices. You should have experience with risk management concepts and processes and a background in IT risk, security architecture or external/internal audit, as well as a significant understanding of widely accepted security frameworks and standards (e.g. NIST, ISO, etc.).
We'll trust you to:
- Conduct risk assessments for vendors, identify and document control gaps, and present results to support management action, escalation and risk acceptance processes
- Partner with businesses across the enterprise to evaluate the information security risks associated with their vendor engagements.
- Review vendor due diligence materials ( i.e. SSAE 16 reports, penetration testing reports, etc.), identify potential issues and follow up for unresolved issues
- Interpret, identify, and prioritize risk based on impact and likelihood
- Work directly with key business leaders to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information risk management.
- Partner with various support groups and the vendors to resolve appropriate risk remediation activities to address identified risks
- Validate evidence from vendors prior to closing out remediation plans
- Develop Senior Management reports including defining and tracking program based metrics (e.g., assessments completed within SLA, challenges, etc.)
- In partnership with key partners across the enterprise (Vendor Management, Procurement, Legal, etc.), identify process and technology enhancements to drive efficiencies Ensure close coordination with Bloomberg Risk Management on aligning risks, issues, enterprise reporting, etc.
You’ll need to have:
- Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience) with a minimum of 7+ years related work experience required
- Comprehensive Knowledge of Information Security standards and frameworks (NIST CSF, 800-53, Shared Assessments, ISO, etc.) with an understanding of the ‘’why’ behind the controls and not just the controls themselves.
- Experience assessing cloud based service providers
- CISSP, CISM or other relevant Information Security certification
- Technical and/or IT audit background and practical knowledge of a variety of technologies including operating systems, server, network and web infrastructure, database architectures, intrusion detection and prevention systems
- Solid experience in one of the following: firewall, system, and network architectures and other security best practices, Understanding of software development life-cycle and application security, Infrastructure-as-a-Service and Software-as-a-Service security concepts
- Organized, detail-oriented with ability to understand big picture and make risk appropriate tradeoffs.
- Experience with Governance Risk and Compliance tools (e.g. Archer, MetricsStream, etc.)
- Strong interpersonal and oral/written communication skills with the ability to build relationships at all levels
- Experience handling client/partner relationships and expectations
- Ability to negotiate
- Able to work independently
- Strong analysis and problem solving skills
If this sounds like you:
Apply - If we believe you are a good match we'll get in touch to let you know the next steps.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status
To learn more, visit our YouTube channel “Inside Bloomberg” www.youtube.com/InsideBloomberg