What’s the role?
The Vendor Information Risk Management team within the CRCO is a key control function within the overall Vendor Risk Management process at Bloomberg. The team is responsible for reviewing and assessing security controls of third parties to ensure the security and integrity of Bloomberg data while in the possession of our vendors and partners. As part of the ongoing third party assessments performed, the team identifies issues, assigns appropriate risk ratings, and documents them according to CRCO’s Issue Management process.
Bloomberg is looking for a Senior Information Security professional with a strong background in Information Security and Risk Management to help enhance the overall Vendor Information Risk Management program and drive assessment and remediation activities across the vendor population at Bloomberg.
The individual will be responsible for ensuring Bloomberg data remains secure and that all risks, vulnerabilities and defects are managed, tracked and remediated according to policy and/or best practices. The individual selected for this role must have experience with risk management concepts and processes and a background in IT risk, security architecture or external/internal audit as well as a significant understanding of widely accepted security frameworks and standards (e.g. NIST, ISO, etc.).
We'll trust you to:
- Conduct risk assessments for vendors, identify and document control gaps, and present results to support management action, escalation and risk acceptance processes Partner with businesses across the enterprise to evaluate the information security risks associated with their vendor engagements.
- Review vendor due diligence materials ( i.e. SSAE 16 reports, penetration testing reports, etc.), identify potential issues and follow up for unresolved issues
- Interpret, identify, and prioritize risk based on impact and likelihood
- Work directly with key business leaders to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regards to information risk management.
- Partner with various support groups and the vendors to determine appropriate risk remediation activities to address identified risks
- Validate evidence from vendors prior to closing out remediation plans
- Develop Senior Management reports including defining and tracking program based metrics (e.g., assessments completed within SLA, challenges, etc.)
- In partnership with key stakeholders across the enterprise (Vendor Management, Procurement, Legal, etc.), identify process and technology enhancements to drive efficiencies Ensure close coordination with Bloomberg Risk Management on aligning risks, issues, enterprise reporting, etc.
You’ll need to have:
- Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience) with a minimum of 7+ years related work experience required
- Comprehensive Knowledge of Information Security standards and frameworks (NIST CSF, 800-53, Shared Assessments, ISO, etc.) with an understanding of the ‘’why’ behind the controls and not just the controls themselves.
- Experience assessing cloud based service providers
- CISSP, CISM or other relevant Information Security certification
- Strong technical and/or IT audit background and practical knowledge of a variety of technologies including operating systems, server, network and web infrastructure, database architectures, intrusion detection and prevention systems
- Strong experience in one of the following: firewall, system, and network architectures and other security best practices, Understanding of software development life-cycle and application security, Infrastructure-as-a-Service and Software-as-a-Service security concepts,
- Organized, detail-oriented with ability to understand big picture and make risk appropriate tradeoffs.
- Experience with Governance Risk and Compliance tools (e.g. Archer, MetricsStream, etc.)
- Strong interpersonal and oral/written communication skills with the ability to build relationships at all levels
- Experience managing client/partner relationships and expectations
- Ability to negotiate
- Able to work independently
- Strong analysis and problem solving skills
If this sounds like you: Apply! If we believe you are a good match we'll get in touch to let you know the next steps.
To learn more, visit our YouTube channel “Inside Bloomberg” www.youtube.com/InsideBloomberg
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status