Cybersecurity Governance, Risk And Compliance Specialist

Our Team:

We protect Bloomberg. Are you a motivated professional who has a passion for cybersecurity? Bloomberg’s Cybersecurity Governance, Risk, and Compliance (GRC) team works across Bloomberg to drive a proactive and systematic approach to protecting against cyber threats. We report into the CISO while working closely with other security and Risk and control partners within Bloomberg L.P. Our colleagues depend on us to drive a consistent approach to managing cybersecurity Risk and helping to provide assurance that we comply with our related policies and procedures.

What's in it for you:

We are seeking a Cybersecurity GRC Specialist to join our team. This role will focus on maturing and enhancing Bloomberg’s Cybersecurity Governance, risk, and Compliance program. This strategic position is crucial for ensuring our cybersecurity posture aligns with best practices and regulatory standards. As the Cybersecurity GRC Specialist, you will play an integral role in maintaining the integrity and confidentiality of all of Bloomberg’s data. The ideal candidate will be a proactive individual who can identify potential threats, implement strategies to mitigate Risk and has a strong background in cybersecurity with a passion for safeguarding information.

We'll trust you to: 

• Partner with the GRC leaders to provide guidance and develop solutions that protect Bloomberg, our products, customers, and employees
• Support the GRC leadership to build a GRC strategy and roadmap to continuously improve Bloomberg’s GRC function
• Strengthen CISO’s mission to keep Bloomberg’s technology infrastructure safe through Coverage, Visibility, and Scale
• Develop and maintain information security policies and procedures
• Build out Bloomberg’s GRC risk management framework, leveraging industry standards such as NIST-CSF, ISO-27001, CIS, and others
• Monitor and analyze changes in relevant regulations and industry standards such as the EU’s DORA, and UK’s CTP regime
• Partner with Engineering, our Chief Technology Office, and our Chief Risk Office to identify GRC capability gaps, and drive mitigation of cyber risks
• Liaise with Risk Management and Internal Audit to support assurance reviews while streamlining day to day stakeholder impact
• Develop, measure, and report on Key Risk Indicators, Key Performance Indicators, Risk Appetite and Tolerance
• Mature the risk-based prioritization of resources across CISO
• Help build a risk aware culture by maturing existing risk management processes to monitor, track, measure and report cyber risks
• Become a trusted voice to upper management and evangelize the benefits and strategic vision associated with our GRC program
• Develop visualizations / management intelligence to show areas of risk that need to be addressed

You’ll need to have:

• 10+ years of experience in a cybersecurity GRC role or equivalent experience
• Proven ability to identify, assess, and prioritize cybersecurity risks in a dynamic environment
• Understand how to practically implement cybersecurity industry standards and frameworks
• Demonstrated ability to influence internal and external stakeholders to achieve success
• Highly developed relationship management and partnership skills across business functions
• Be comfortable with driving business collaboration and adoption of internal tools and dashboards
• Proven delivery of projects involving cross-functional teams
• Excellent written and oral communication skills
• Demonstrated ability to perform under pressure and consistently meet program deadlines
• Strong problem-solving skills, initiative, and attention to detail

We’d love to see:

• Familiarity with various GRC tools, such as Archer, AuditBoard, and Workiva
• Understanding of Engineering and/or Security processes and tools
• Experience with cybersecurity GRC programs in a matrixed environment
• A passion for identifying and working with stakeholders to develop practical approaches to mitigating cybersecurity risks
• Good conceptual knowledge of probability and statistics
• Program and/or project management background with the ability to liaise with business partners in a way that demonstrates the value of cybersecurity risk management
• Security Certifications, such as CISSP, CISM, CRISC, CISA and / or Risk Management certifications, such as CGRC, PRM, CERA

If this sounds like you, please apply!

Bloomberg is an equal opportunity employer, and we value diversity at our company. We do not discriminate based on age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law. 

Bloomberg provides reasonable adjustment/accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable adjustment/accommodation to apply for a job or to perform your job. Examples of reasonable adjustment/accommodation include but are not limited to making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you would prefer to discuss this confidentially, please email AMER_recruit@bloomberg.net (Americas), EMEA_recruit@bloomberg.net (Europe, the Middle East and Africa), or APAC_recruit@bloomberg.net (Asia-Pacific), based on the region you are submitting an application for.