Vendor Information Risk Manager
Vendor Information Risk Management (VIRM) is part of the Chief Risk and Compliance Office (CRCO) and is responsible for identifying, remediating and monitoring information risks associated with people, process and technology-related services provided to Bloomberg by Vendors. Our goal is to ensure that due diligence is performed at every stage of the engagement process in order to maintain information security, data privacy and regulatory compliance while ensuring continuity of excellent service to our clients and employees globally.
What's The Role?
We are looking for an Information/Operational Risk Manager with a proven background in Third Party Risk Management. You will drive due diligence activities across our vendor population while contributing to strategic initiatives to enhance the overall VIRM program in line with our transformation roadmap.
We'll Trust You To:
- Conduct assessments, monitoring and reporting on Vendor risks for one or more Business Units to which you will be assigned coverage
- Drive risk decision making, monitoring and alerting when risk thresholds are breached.
- Interpret, train and enforce compliance with Bloomberg VIRM Standards and Procedures
- Cultivate and leverage relationships with CISO, Business Continuity, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives.
- Lead key Vendor Risk Management activities and demonstrate understanding of the top and material risks impacting Bloomberg and our clients.
- Act as subject matter expert on vendor risk matters supporting Business Unit(s) for which you are responsible.
- Provide consultancy on information risks for new vendor products and services under consideration
- Provide and coordinate input to key compliance, legal and regulatory initiatives.
- Leverage existing or develop targeted material to deliver actionable risk reporting to Business Units as needed.
- Participate in select risk committees / working groups.
You'll Need To Have:
- Bachelor's degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience)
- 5+ years' experience in Technology Risk/Controls, Information Security or Operational Risk Management
- Experience with IT Risk frameworks e.g. ISO, NIST, CoBIT
- Understanding of regulations that apply to the business such as PCI, HIPAA, GDPR, CCPA regulations and examination guidance
- Ability to solve moderate to complex problems with minimum assistance / escalation points
- Ability to effectively challenge status quo, influence positive change and deliver on an aggressive transformation agenda
- Able to cultivate and leverage relationships with Cyber, Legal/Compliance, VM and other partners / stakeholders when necessary to accomplish objectives
We'd Love to See (pluses):
- Master's or MBA Degree
- One or more industry certifications e.g. CISM, CISSP, CISA, CRISC, CTPRP
- Analytical skills using Qlik/Tableau, MS Access, Excel
- Independent / Critical Thinker - leadership skills
- Strong analytical skills and an inquisitive mindset
- Emotional Intelligence, interpersonal skills
- Excellent communication across all levels of the organization; presentation skills
- Familiar with applicable financial, technology and privacy regulations and how they impact Bloomberg
If This Sounds Like You:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.