Bloomberg
Vendor Risk Manager - Chief Risk Office
Bloomberg, New York, New York, us, 10261
The energy of a newsroom, the pace of a trading floor, the buzz of a recent tech breakthrough; we work hard, and we work fast - while keeping up the quality and accuracy we're known for. It's what keeps us inventing and reinventing, all the time. Our culture is wide open, just like our spaces. We bring out the best in each other through collaboration. Through our countless volunteer projects, we also help network with the communities around us, too. You can do amazing work here. Work you couldn't do anywhere else. It's up to you to make it happen.
Vendor Risk Management (VRM) is part of the Chief Risk Office (CRO) and responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of risks introduced by vendors and other third-party service providers.
What's The Role?
We are looking for a Vendor Risk Manager with a strong background in Information Security, Operational Resilience, Technology Audit and/or Risk Management. You will work with Bloomberg departments and subsidiaries to perform the inherent risk assessment of their vendor engagements, create and maintain the risk profile of vendors and vendor products / services, and drive control assessment and risk remediation activities across our vendor population while contributing to strategic initiatives to enhance the overall Vendor Risk program in line with our transformation roadmap. Your work will add value to Bloomberg departments and subsidiaries that use third parties to achieve their goals, by helping them appropriately manage vendor risk throughout the vendor lifecycle.
We'll Trust You To:
Liaise with business and technology teams to understand their use of vendor services and products and appropriately assess the inherent risks related to information security, privacy, resiliency, concentration, regulatory compliance, subcontracting, location / geography, among others.
Maintain the vendor and vendor engagement inventory and risk profiles
Conduct due diligence control assessments, continuously monitor and report on Vendor and vendor engagement risks
Coordinate risk mitigation activities with vendors and Bloomberg departments and subsidiaries
Interpret, train and enforce compliance with Bloomberg’s Vendor Risk Management Policy
Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives
Lead key VRM activities and demonstrate understanding of the top and material risks affecting Bloomberg, our supply chains, and our clients
Act as subject matter expert on VRM matters supporting Bloomberg departments for which you are responsible
Provide advisory support to Bloomberg departments on risk
Provide and coordinate input to key compliance, legal and regulatory initiatives
Demonstrate existing or develop targeted material to deliver actionable risk reporting to Bloomberg departments as needed
Participate in select risk committees / working groups
You’ll Need to Have:
Bachelor’s or master’s degree in Computer Science, Information Security, Business Management or equivalent industry experience
7+ years of experience working in the field of Risk Assurance, Risk Management, Internal Audit or other Compliance-related experience
An understanding of Cloud Computing and how to assess cloud-related risks
Familiarity with international regulations regarding third-party service providers
Familiarity with Industry Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS, CSA CAIQ and CCM, CIS CSC, NIST 800-171) and Data Privacy regulations/standards
Familiarity with Data Privacy regulations and industry standards (e.g., GDPR, Schrems II, CCPA, HIPAA)
Familiarity with the Digital Operational Resilience Act (DORA) and the European Union Artificial Intelligence (EU AI) Act
Familiarity with Vendor Risk Assessment Frameworks/Tools (e.g., SIG, VSAQ)
Technical knowledge in multiple risk domain areas such as application, architecture, system and network security, identity/access management, etc.
Knowledge of current Information Security threats, trends, and mitigations
Skilled in risk management, technical risk analysis, and making complex business/risk trade-off recommendations and decisions
Understanding of impact of financial, technology and privacy regulations on Fintech products and services
Demonstrated ability to lead and influence others
Senior level written and verbal communication skills
Demonstrated leadership, teamwork and collaboration skills
Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GSEC, GIAC, etc.)
We’d Love to See:
An understanding of supplier agreements, contractual terms and service level agreements
Experience in developing and deploying operational performance metrics to measure IT security effectiveness and operational resilience
Experience with Cloud-based IT architectures and security products
Does this sound like you?
Apply if you think we're a good match. We'll get in touch to let you know that the next steps are, but in the meantime feel free to have a look at: https://www.bloomberg.com/company/what-we-do/
Salary: 130000,180000,USD,Annual
Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email amer_recruit@bloomberg.net
Vendor Risk Management (VRM) is part of the Chief Risk Office (CRO) and responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of risks introduced by vendors and other third-party service providers.
What's The Role?
We are looking for a Vendor Risk Manager with a strong background in Information Security, Operational Resilience, Technology Audit and/or Risk Management. You will work with Bloomberg departments and subsidiaries to perform the inherent risk assessment of their vendor engagements, create and maintain the risk profile of vendors and vendor products / services, and drive control assessment and risk remediation activities across our vendor population while contributing to strategic initiatives to enhance the overall Vendor Risk program in line with our transformation roadmap. Your work will add value to Bloomberg departments and subsidiaries that use third parties to achieve their goals, by helping them appropriately manage vendor risk throughout the vendor lifecycle.
We'll Trust You To:
Liaise with business and technology teams to understand their use of vendor services and products and appropriately assess the inherent risks related to information security, privacy, resiliency, concentration, regulatory compliance, subcontracting, location / geography, among others.
Maintain the vendor and vendor engagement inventory and risk profiles
Conduct due diligence control assessments, continuously monitor and report on Vendor and vendor engagement risks
Coordinate risk mitigation activities with vendors and Bloomberg departments and subsidiaries
Interpret, train and enforce compliance with Bloomberg’s Vendor Risk Management Policy
Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives
Lead key VRM activities and demonstrate understanding of the top and material risks affecting Bloomberg, our supply chains, and our clients
Act as subject matter expert on VRM matters supporting Bloomberg departments for which you are responsible
Provide advisory support to Bloomberg departments on risk
Provide and coordinate input to key compliance, legal and regulatory initiatives
Demonstrate existing or develop targeted material to deliver actionable risk reporting to Bloomberg departments as needed
Participate in select risk committees / working groups
You’ll Need to Have:
Bachelor’s or master’s degree in Computer Science, Information Security, Business Management or equivalent industry experience
7+ years of experience working in the field of Risk Assurance, Risk Management, Internal Audit or other Compliance-related experience
An understanding of Cloud Computing and how to assess cloud-related risks
Familiarity with international regulations regarding third-party service providers
Familiarity with Industry Frameworks (NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS, CSA CAIQ and CCM, CIS CSC, NIST 800-171) and Data Privacy regulations/standards
Familiarity with Data Privacy regulations and industry standards (e.g., GDPR, Schrems II, CCPA, HIPAA)
Familiarity with the Digital Operational Resilience Act (DORA) and the European Union Artificial Intelligence (EU AI) Act
Familiarity with Vendor Risk Assessment Frameworks/Tools (e.g., SIG, VSAQ)
Technical knowledge in multiple risk domain areas such as application, architecture, system and network security, identity/access management, etc.
Knowledge of current Information Security threats, trends, and mitigations
Skilled in risk management, technical risk analysis, and making complex business/risk trade-off recommendations and decisions
Understanding of impact of financial, technology and privacy regulations on Fintech products and services
Demonstrated ability to lead and influence others
Senior level written and verbal communication skills
Demonstrated leadership, teamwork and collaboration skills
Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GSEC, GIAC, etc.)
We’d Love to See:
An understanding of supplier agreements, contractual terms and service level agreements
Experience in developing and deploying operational performance metrics to measure IT security effectiveness and operational resilience
Experience with Cloud-based IT architectures and security products
Does this sound like you?
Apply if you think we're a good match. We'll get in touch to let you know that the next steps are, but in the meantime feel free to have a look at: https://www.bloomberg.com/company/what-we-do/
Salary: 130000,180000,USD,Annual
Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email amer_recruit@bloomberg.net