Vendor Risk Management Jobs in USA with Visa Sponsorship
Vendor Risk Management roles qualify for H-1B, L-1, and O-1 visas as specialty occupations requiring a bachelor's degree or higher in finance, business, or risk management. Employers in financial services, consulting, and tech sponsor these positions regularly, making it a viable path for international candidates. For detailed occupation requirements, see the O*NET profile.
Location
New York
Business Area
Legal, Compliance, and Risk
Ref
10049190
Description & Requirements
The energy of a newsroom, the pace of a trading floor, the buzz of a recent tech breakthrough; we work hard, and we work fast - while keeping up the quality and accuracy we're known for. It's what keeps us inventing and reinventing, all the time. Our culture is wide open, just like our spaces. We bring out the best in each other through collaboration. Through our countless volunteer projects, we also help network with the communities around us, too. You can do amazing work here. Work you couldn't do anywhere else. It's up to you to make it happen.
Bloomberg’s Chief Risk Office (CRO) Department plays a critical role in supporting our businesses and operations around the world. We move quickly and thoughtfully to help address the risks that are inherent with being the world’s leading financial news and information company. Our team is made up of talented and hardworking professionals who think creatively and work collaboratively in an open environment to deliver results, drive innovation, and solve difficult problems. Diversity and inclusion are essential to our success, and we strive to maintain an environment where our employees are empowered to make an impact. We also recognize the value of diversity and inclusion in cultivating a supportive workplace and the importance of giving back to our communities.
The CRO team provides coverage of both Bloomberg's regulated entities and products, and Bloomberg's non-regulated products and services. Our focus is to address risks and related issues by providing risk management as a service, focusing on providing and delivering value to help businesses and departments thoughtfully incorporate risk into decision making. Vendor Risk Management (VRM) or third-party risk is part of the Company’s Chief Risk Office (CRO) and responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation, and continuous monitoring of risks introduced by vendors and other third-party service providers.
What’s the Role?
We are seeking a Third Party Risk Oversight Lead to drive the design, implementation, and continuous improvement of Bloomberg’s third-party risk framework. This individual contributor role is critical to ensuring that our vendor risk methodology provides comprehensive coverage across the vendor lifecycle, as well as across risk types, and aligns with Bloomberg’s broader enterprise risk framework. You will help set the standards and processes that our team of vendor risk analysts follow. You will collaborate with cross-functional stakeholders to define assessment standards, translate that into actionable processes, and generally ensure our framework remains responsive to evolving regulatory expectations and business needs. This role requires a strategic mindset, deep subject matter expertise, and the ability to translate complex risk concepts into actionable guidance for our operational teams.
We’ll Trust You To
Framework Design & Governance:
- Lead the development and refinement of Bloomberg’s third-party risk framework, ensuring alignment with enterprise risk management principles.
- Define and maintain risk coverage standards across the vendor lifecycle, including onboarding, due diligence, monitoring, and offboarding.
- Establish thematic risk assessment methodologies to streamline risk identification and reporting across similar vendor types or services.
- Ensure the framework supports consistent evaluation across key risk domains (e.g., Information Security, Privacy, BCP/DR and Exit Planning, Regulatory, Geographic, ESG, etc.).
Stakeholder Engagement & Advisory:
- Partner with business units, Legal, Compliance, Enterprise Risk, and CISO teams to ensure the framework meets subject matter experts’ needs.
- Serve as a subject matter expert on third-party risk governance, providing guidance on emerging risks and regulatory developments (e.g., DORA, EU AI Act, GDPR).
- Support the development of executive-ready reporting and risk dashboards that reflect framework coverage and effectiveness.
- Represent Vendor Risk in cross-functional working groups, risk committees, and regulatory response initiatives.
Continuous Improvement & Enablement:
- Monitor industry trends and regulatory changes to proactively update framework components and guidance.
- Collaborate with operational VRM teams to ensure consistent application of the framework and identify opportunities for simplification or enhancement.
- Develop training materials and documentation to support adoption and understanding of the framework across the organization.
You’ll Need To Have
- Bachelor’s or Master’s degree in Risk Management, Information Security, Business Administration, or equivalent industry experience.
- Extensive experience in Risk Management, Information Security, Technology Audit, or related fields, with a focus on governance, frameworks, or policy development.
- Strong understanding of third-party risk management principles and lifecycle processes.
- Familiarity with key frameworks (NIST 800-53, ISO/IEC 27001/2, COBIT, HITRUST, PCI DSS, CSA, CIS CSC).
- Deep knowledge of Data Privacy regulations (GDPR, CCPA, HIPAA) and operational resilience regulations (DORA).
- Experience designing or implementing risk frameworks, governance models, or control standards.
- Excellent written and verbal communication skills, including the ability to influence and advise senior stakeholders.
- Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GIAC, etc.).
- Please note we use years of experience as a guide but we certainly will consider applications from all candidates who are able to demonstrate the skills necessary for the role.
We’d Love To See
- Experience aligning third-party risk frameworks with enterprise risk management programs.
- Familiarity with vendor risk platforms and assessment tools (e.g., SIG, VSAQ).
- Experience responding to regulatory inquiries or audits related to third-party risk.
- Ability to translate complex risk concepts into practical guidance and tools.
Salary Range
185000 - 245000 USD Annually + Benefits + Bonus
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.
We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Discover what makes Bloomberg unique - watch our for an inside look at our culture, values, and the people behind our success.

How to Get Visa Sponsorship in Vendor Risk Management
Align your degree to the specialty occupation standard
USCIS requires a specific degree field tied to the role. A bachelor's in finance, business administration, supply chain, or information systems typically satisfies the specialty occupation requirement for Vendor Risk Management positions at most employers.
Highlight certifications relevant to risk management
Credentials like CISA, CRISC, or CTPRP strengthen your petition by demonstrating specialized expertise beyond a general degree. USCIS officers treat professional certifications as supporting evidence that the role requires specialized knowledge.
Understand the LCA requirement before your first interview
Your employer must file a Labor Condition Application with the Department of Labor before submitting your H-1B petition. Confirming early that your employer has done this before saves significant time during the hiring process.
Ask employers about their cap-exempt status
Universities, nonprofits affiliated with universities, and certain research institutions are cap-exempt, meaning they can file H-1B petitions year-round without the lottery. Some Vendor Risk roles exist within these organizations, which is worth exploring.
Use Migrate Mate to find sponsorship-ready employers
Not every Vendor Risk Management posting comes with sponsorship, and filtering manually is time-consuming. Migrate Mate surfaces roles where employers have a verified history of sponsoring international candidates in risk and compliance functions.
Frequently Asked Questions
Does Vendor Risk Management qualify as a specialty occupation for H-1B purposes?
Yes. Vendor Risk Management qualifies as a specialty occupation because the role theoretically and practically requires at least a bachelor's degree in a specific field such as finance, business, information systems, or risk management. USCIS has approved H-1B petitions for this job title across financial services, technology, and healthcare sectors. Having a degree that directly maps to the duties of the role strengthens the petition considerably.
What visa types are available for Vendor Risk Management professionals beyond the H-1B?
The L-1B visa is available if you're transferring within a multinational company and have specialized knowledge of vendor risk frameworks, third-party systems, or proprietary assessment methodologies. The O-1A is an option for candidates with exceptional recognition in risk management, such as published research or senior advisory roles. TN status applies to Canadian and Mexican nationals in qualifying business analyst or management consultant categories.
How competitive is H-1B sponsorship for Vendor Risk Management roles specifically?
Sponsorship rates vary by employer size and sector. Large financial institutions such as JPMorgan, Citi, and Goldman Sachs, along with consulting firms like Deloitte and KPMG, file LCAs for Vendor Risk roles regularly and have mature immigration programs. Smaller fintech companies may sponsor but less predictably. Browsing Migrate Mate lets you identify employers with an active history of sponsoring international candidates in risk and compliance.
My degree is in a field adjacent to risk management. Will that create problems with my H-1B petition?
It depends on how closely your degree maps to the role's duties. A degree in information security, accounting, or supply chain management can support a Vendor Risk petition if the job description emphasizes those specific competencies. Where a degree is adjacent rather than exact, employers often bolster the petition with a detailed support letter explaining why the specific field of study is relevant to the position's core functions.
Can I work in Vendor Risk Management on OPT while waiting for H-1B sponsorship?
Yes. If you graduated from a U.S. university, standard OPT gives you 12 months of work authorization. STEM OPT extends that by 24 months if your degree is in a qualifying STEM field such as information systems, computer science, or certain business analytics programs. This extension provides enough runway to apply for H-1B sponsorship through your employer, since the lottery and cap-subject petition process typically takes six to twelve months from registration to approval.
What is the prevailing wage requirement for sponsored Vendor Risk Management jobs?
U.S. employers sponsoring a visa must pay at least the prevailing wage, which is what workers in the same role, area, and experience level typically earn. The Department of Labor sets this rate to make sure companies aren't hiring foreign workers simply because they'd accept lower pay than a U.S. worker. It varies by job title, location, and experience. You can look up current prevailing wage rates for any occupation and location using the OFLC Wage Search page.