Skip to content
BISO - Technical Specialist (GRC)
Location
New York
Business Area
Legal, Compliance, and Risk
Ref #
10052656

Description & Requirements

Our Team: 

We protect Bloomberg. The Bloomberg Information Security Office team is dedicated to making our products and technologies as secure as possible through design, development, and operation. We report into the Chief Information Security Office while working closely with regulated businesses, key lines of business, and development/engineering across Bloomberg L.P. Our colleagues depend on us to help design, run, and improve our most important security programs — strengthening our cyber resilience and security posture across an evolving threat landscape. 

What’s in it for you: 

The Bloomberg BISO team focuses on identifying opportunities to improve the security of Bloomberg, our products and services, and the security of our customers’ data. In this role, you will be the owner, manager, and developer of multiple security and cyber GRC programs, each with unique challenges and in a global setting. You will be responsible for setting strategic direction, driving cyber risk governance, evangelizing security and compliance efforts, and influencing the direction of Bloomberg L.P.’s business efforts — all in a day’s work. 

We’ll trust you to: 

  • Develop a deep understanding of your business domains, keeping abreast of new technologies, the evolving threat landscape, regulatory changes, and industry best practices as you design, lead, and oversee the information security and cyber GRC programs for your lines of business. 

  • Work with stakeholders to effectively manage cyber risk including consulting on security controls, risk quantification, mitigation strategies, and incident response planning and management. 

  • Foster cross-functional relationships between teams to improve all aspects of our security program, driving a culture of security by design and continuous compliance. 

  • Define and develop management information, including key risk indicators, program maturity indicators, and key performance indicators to enable data-driven risk reporting and executive decision-making. 

  • Establish and review information security policies, standards, and procedures in your line of business — ensuring alignment with the firm’s risk appetite and regulatory obligations. 

  • Become a trusted voice to senior management, reporting on the status of information security programs, cyber risk posture, and GRC maturity to boards and various governance forums. 

  • Lead in the development and delivery of scenario testing such as Tabletop Exercises and Threat Led Penetration Testing to validate our cyber resilience. 

  • Lead remediation efforts and support transformational change initiatives across the broader organization, including zero trust adoption, third-party risk management, and operational resilience programs. 

We’d love to see: 

  • 7+ years of experience in information security, cyber GRC, cyber security risk management, data security, and cyber security regulation. 

  • Demonstrated ability to influence internal and external stakeholders to achieve success in a complex, global, and highly regulated setting. 

  • Proven delivery of complex projects involving cross-functional teams, with a track record of driving measurable improvements in security posture. 

  • Ability to proactively identify and manage cyber security risks — including third-party and supply chain risk — to deliver services and meet business objectives in a secure and compliant way. 

  • Strong technical knowledge in key cyber security domains such as cloud security, network security and architecture, application security, secure software development lifecycle (SSDLC), vulnerability management, and attack surface management. 

  • Proven experience in delivering Threat Led Penetration Tests such as CBEST or equivalent TLPT regimes. 

  • Good knowledge of key technologies such as Operating Systems, Software Development Build Pipelines and Processes, Security Tooling, O365 Suite, and Business Intelligence Tools. 

  • Experience with industry standards and frameworks such as NIST CSF, ISO 27001, and FAIR/cyber risk quantification methodologies. 

  • Knowledge and experience with regulation pertaining to Information Security such as DORA, Operational Resilience, UK CTP Regime, and GDPR. 

  • Excellent written and oral communication skills, with the ability to translate complex cyber risk into clear business language for executive audiences. 

  • Demonstrated ability to perform under pressure and consistently meet program deadlines. 

  • An industry recognized certification such as CISSP, GIAC, CISM, CRISC, or ISO 27001 Lead Implementor/Auditor. 

If This Sounds Like You: 

Apply if you think we’re a good match. We’ll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at: https://www.bloomberg.com/company/what-we-do/ 

If indicated, please note that years of experience are a guide; we will consider applications from all candidates who can demonstrate the skills necessary for the role. 

Discover what makes Bloomberg unique — watch our podcast series for an inside look at our culture, values, and the people behind our success. 


Salary Range = 215,000 - 290,000 USD Annual + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.


We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

Discover what makes Bloomberg unique - watch our podcast series for an inside look at our culture, values, and the people behind our success.
Apply Now