Vendor Information Risk Management (VIRM) is part of the Chief Risk and Compliance Office (CRCO) and is responsible for identifying, remediating and monitoring information risks associated with people, process and technology-related services provided to Bloomberg by Vendors. Our goal is to ensure that due diligence is performed at every stage of the engagement process in order to maintain information security, data privacy and regulatory compliance while ensuring continuity of excellent service to our clients and employees globally.
What's The Role?
We are looking for an Information/Operational Risk Manager with a proven background in Third Party Risk Management. You will drive due diligence activities across our vendor population while contributing to strategic initiatives to enhance the overall VIRM program in line with our transformation roadmap.
We'll Trust You To:
- Conduct assessments, monitoring and reporting on Vendor risks for one or more Business Units to which you will be assigned coverage.
- Drive risk decision making, monitoring and alerting when risk thresholds are breached.
- Interpret, train and enforce compliance with Bloomberg VIRM Standards and Procedures.
- Cultivate and leverage relationships with CISO, Business Continuity, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives.
- Lead key Vendor Risk Management activities and demonstrate understanding of the top and material risks impacting Bloomberg and our clients.
- Act as subject matter expert on vendor risk matters supporting Business Unit(s) for which you are responsible.
- Provide consultancy on information risks for new vendor products and services under consideration.
- Provide and coordinate input to key compliance, legal and regulatory initiatives.
- Leverage existing or develop targeted material to deliver actionable risk reporting to Business Units as needed.
- Participate in select risk committees / working groups.
You'll Need To Have:
- Bachelor's degree in Information Technology, Information Security, Business or Risk Management (or equivalent experience)
- 5+ years' experience in Technology Risk/Controls, Information Security or Operational Risk Management
- Experience with IT Risk frameworks e.g. ISO, NIST, CoBIT
- Understanding of regulations that apply to the business such as PCI, HIPAA, GDPR, CCPA regulations and examination guidance
- Ability to solve moderate to complex problems with minimum assistance / escalation points
- Ability to effectively challenge status quo, influence positive change and deliver on an aggressive transformation agenda
- Able to cultivate and leverage relationships with Cyber, Legal/Compliance, VM and other partners / stakeholders when necessary to accomplish objectives
We'd Love to See (pluses):
- Master's or MBA Degree
- One or more industry certifications e.g. CISM, CISSP, CISA, CRISC, CTPRP
- Analytical skills using Qlik/Tableau, MS Access, Excel
- Independent / Critical Thinker – leadership skills
- Strong analytical skills and an inquisitive mindset
- Emotional Intelligence, interpersonal skills
- Excellent communication across all levels of the organization; presentation skills
- Familiar with applicable financial, technology and privacy regulations and how they impact Bloomberg