Our Team:
We protect Bloomberg.
The Bloomberg Information Security Officer team is dedicated to making our products and technologies as secure as possible through design, development, and operation. We report into the Chief Information Security Office while working closely with regulated businesses, key lines of business, and development/engineering across Bloomberg L.P. Our colleagues depend on us to help design, run, and improve our most important security programs.
What's in it for you:
The Bloomberg BISO team focuses on identifying opportunities to improve the security of Bloomberg, our products and services, and the security of our customers' data. In this role, you will be the owner, manager, and developer of multiple security programs, each with unique challenges and in a global setting. You will be responsible for setting strategic direction, evangelizing security and compliance efforts, and influencing the direction of Bloomberg L.P.'s business efforts all in a day's work.
We'll trust you to:
- Develop a deep understanding of your business domains, keeping abreast of new technologies, regulatory changes, and industry best practices as you design, lead, and oversee the information security programs for your lines of business.
- Work with stakeholders to effectively manage cyber risk including consulting on security controls, mitigation strategies, and incident response planning.
- Foster cross-functional relationships between teams to improve all aspects of our security program.
- Define and develop management information, including key risk indicators, program maturity indicators, and key performance indicators for use in reporting.
- Establish and review information security policies and procedures in your line of business.
- Become a trusted voice to senior management, report on the status of information security programs to boards and various governance forums.
- Lead in the development and delivery of scenario testing such as Tabletop Exercises and Threat Led Penetration Testing.
- Lead remediation efforts and support transformational change initiatives across the broader organization.
We'd love to see:
- 10+ years of experience in information security, cyber risk management and data security.
- Demonstrated ability to influence internal and external stakeholders to achieve success.
- Proven delivery of complex projects involving cross-functional teams.
- Ability to manage cyber security risks to deliver services and meet business objectives in a secure and compliant way.
- Strong technical knowledge in key cyber security domains such as cloud security, network security and architecture, application security, secure software development lifecycle (SSDLC) and vulnerability management.
- Good knowledge of key technologies such as Operating Systems, Software Development Build Pipelines and Processes, Security Tooling, O365 Suite, and Business Intelligence Tools.
- Experience with industry standards such as NIST CSF and ISO 27001.
- Knowledge and experience with Regulation pertaining to Information Security such as DORA, Operational Resilience, UK CTP Regime, GDPR.
- Excellent written and oral communication skills.
- Demonstrated ability to perform under pressure and consistently meet program deadlines.
- An industry recognized certification such as CISSP, GIAC, CISM, ISO 27001 Lead Implementor/Auditor.