Vendor Information Risk Manager

Similar jobs

New York, NY

Posted Jun 18, 2021 - Requisition No. 91596

Our Team:

Vendor Risk Management (VRM) is part of the Chief Risk and Compliance Office (CRCO). We are responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of Information Security, Operational Resilience and Data Privacy risks introduced by vendors and other third party service providers.

What's The Role?

We are looking for a Vendor Information Security Risk Manager with a background in Information Security and Risk Management. You will drive assessment and remediation activities across our vendor population while contributing to strategic initiatives to enhance the overall Vendor Risk program in line with our transformation roadmap. Your work will add value to business units that use third parties to achieve their goals, by helping them appropriately manage vendor risk.

We'll Trust You To:

Conduct assessments, monitoring and reporting on Vendor Information risks for one or more Business Units to which you will be assigned coverage.
Drive risk decision-making, monitoring and alerting when risk thresholds are breached.
Interpret, train and enforce compliance with Bloomberg VIRM Standards and Procedures
Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives.
Lead key VIRM activities and demonstrate understanding of the top and material information risks affecting Bloomberg and our clients.
Acts as subject matter expert on VIRM matters supporting Business Unit(s) for which you are responsible.
Provide guidance on information risks for new vendor products and services under consideration
Provide and coordinate input to key compliance, legal and regulatory initiatives.
Demonstrate existing or develop targeted material to deliver actionable risk reporting to Business Units as needed.
Participate in select risk committees / working groups.

You’ll Need To Have:

Bachelor’s degree or Master’s degree in Computer Science, Information Security, Business Management or equivalent industry experience.
6+ years of experience working in the field of Risk Assurance, Risk Management, Internal Audit or other Compliance-related experience
3+ years of Technical Program Management experience.
Demonstrated experience with project and stakeholder management.
Familiarity with Information Risk Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS)
Technical knowledge in multiple risk domain areas such as application, architecture, system and network security, identity/access management etc.
Security knowledge on current threats, trends, and mitigations.
Skilled in risk management, technical risk analysis, and making complex business/risk trade-off recommendations and decisions.
Understanding of impact of financial, technology and privacy regulations on Fintech products and services
Demonstrated ability to lead and influence others.

Familiarity with Vendor Risk Assessment Frameworks/Tools (e.g. SIG/SIG Lite, CAIQ, CIS20, VSAQ, NIST 800-171)
Familiarity with Data Privacy regulations and industry standards (e.g. HIPAA, GDPR, CCPA)
Senior-level written and verbal communication skills.
Demonstrated leadership, teamwork and collaboration skills.
Experience in generating automated metrics to measure IT security effectiveness and operational resilience.
Experience with Cloud-based IT architectures and security products.

Is independently driven, resourceful, and able to deliver results with minimal direction.
Is able to communicate clearly and effectively with engineering, product management, and senior business leaders.
Has a strong sense of ownership, urgency, and drive.
Possesses Industry certifications (CISSP, CISM, CCSP, CRISC, CISA e.t.c.)
Has an Inquisitive mindset with interest in continuous learning and development

https://www.bloomberg.com/company/