Bloomberg

CRO - Information Security & Risk Oversight Lead

Bloomberg | $215K — $290K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree required.
  • 10+ years in Information Security.
  • 10+ years in IT or Cyber Risk Management.
  • Experience in a Second Line of Defense or independent risk oversight.
  • Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, ISO 27001).
  • Experience engaging with Boards and regulatory bodies.
  • Authorized to work in the United States.

Responsibilities

  • Serve as the primary Second Line risk advisor for cybersecurity-related risks.
  • Identify and measure threat-actor initiated risks that could affect information systems.
  • Evaluate effectiveness of security controls in complex technology initiatives.
  • Quantify risk and control posture to aid executive decisions.
  • Review security programs for alignment with risk appetite and regulatory standards.
  • Collaborate with Information Security and Engineering to enhance risk awareness.
  • Identify root causes of security incidents and propose preventative measures.
  • Present risk oversight materials to senior leadership and regulatory bodies.

Benefits

  • Comprehensive and generous benefits plan.
  • Merit-based salary increases.
  • Incentive compensation for exempt roles.
  • Paid holidays and time off.
  • Medical, dental, and vision insurance.
  • Short and long term disability benefits.
  • 401(k) with matching contributions.
  • Life insurance and wellness programs.
Full Job Description
Description & Requirements

About the Role:
We're looking for an Information Security Risk Oversight Lead who can translate cybersecurity risk into executive insight and action. Sitting in the Company's Second Line of Defense, the Chief Risk Office, and reporting directly to our Head of Technology Risk, you will provide independent oversight and credible challenge across the firm's enterprise-wide information security program. Operating at the intersection of technology, risk management, cybersecurity, governance, and strategy, you will partner with the Chief Information Security Office, Engineering, and CTO teams to ensure cyber risks are appropriately identified, measured, monitored, and aligned with the firm's risk appetite. The "so what" is critical: your oversight will enable leadership to understand not only what the risks are, but whether they are being managed effectively, and where decisive action is required to strengthen the firm's overall security posture.

Key Responsibilities

* Serve as the primary Second Line risk advisor for cybersecurity-related risks and lead independent oversight and credible challenge of First Line of Defense activities.

* Identify and measure threat-actor initiated risks and risk scenarios that may impact the confidentiality, integrity, and availability of information systems.

* Evaluate the design and operating effectiveness of security controls, particularly across complex, high-risk, or enterprise-scale technology initiatives.

* Quantify risk and control posture to support executive decision-making through scenario analysis and metrics (e.g., KRIs, KPIs, SLA/SLOs, ALE).

* Review and challenge security-driven programs and initiatives to ensure alignment with enterprise risk appetite, industry control frameworks, and regulatory expectations.
* Partner closely with Information Security and Engineering teams to enhance risk awareness, accountability, and control ownership.

* Identify root causes of control failures, security incidents, or systemic weaknesses and support the development of actionable, preventative recommendations.
* Prepare and present risk oversight materials to senior leadership committees, internal audit, Board of Directors, and regulatory bodies as required.
* Act as a strategic thought partner to senior leaders by advising on emerging threats, evolving regulatory requirements, and industry best practices.

Required Qualifications

* Bachelor's Degree required.
* 10+ years of experience in Information Security.
* 10+ years of experience in IT or Cyber Risk Management.
* Demonstrated experience operating within a Second Line of Defense or independent risk oversight function.
* Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, NIST 800-53, MITRE ATT&CK, ISO 27001, COBIT, CIS).
* Experience interacting with Boards, regulators, internal audit, and/or executive governance forums.
* Authorized to work in the United States.

Preferred Qualifications

* Relevant professional certifications (e.g., FAIR, CISSP, CISM, CRISC, CISA).
* Experience in regulated industries (e.g., financial services).
* Strong understanding of cloud security, application security, identity and access management, and cyber resilience.
* Familiarity with enterprise risk management methodologies and risk appetite frameworks.

Core Competencies

* Strong analytical and critical thinking skills with the ability to provide constructive challenge.
* Executive-level communication and presentation skills.
* Ability to influence without direct authority.
* Strategic mindset with strong attention to detail.
* High integrity and independent judgment.

Salary Range = 215,000 - 290,000 USD Annual + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) + match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

About Bloomberg

Bloomberg L.P. is a privately held financial, software, data, and media company headquartered in Midtown Manhattan, New York City. It was founded by Michael Bloomberg in 1981, with the help of Thomas Secunda, Duncan MacMillan, Charles Zegar, and a 12% ownership investment by Merrill Lynch. Bloomberg L.P. provides financial software tools and enterprise applications such as analytics and equity trading platform, data services, and news to financial companies and organizations through the Bloomberg Terminal (via its Bloomberg Professional Service), its core revenue-generating product. Bloomberg L.P. also includes a wire service (Bloomberg News), a global television network (Bloomberg Television), digital websites, a radio station (WBBR), subscription-only newsletters, and three magazines: Bloomberg Businessweek, Bloomberg Markets, and Bloomberg Pursuits.
Size
20,000 employees
Industry
Founded
1981
