Business Information Security Officer (BISO) - Cyber GRC Associate

Our Team:

We protect Bloomberg. The Bloomberg Information Security Office team is dedicated to making our products and technologies as secure as possible through design, development, and operation. We report into the Chief Information Security Office while working closely with regulated businesses, key lines of business, and development/engineering across Bloomberg L.P. Our colleagues depend on us to help design, run, and improve our most important security programs — strengthening our cyber resilience and security posture across an evolving threat landscape.

What’s in it for you:

The Bloomberg BISO team focuses on identifying opportunities to improve the security of Bloomberg, our products and services, and the security of our customers’ data. In this role, you will contribute to the development and execution of multiple security and cyber GRC programs, each with unique challenges and in a global setting. You will play a key role in supporting cyber risk governance, evangelizing security and compliance efforts, and helping to shape the direction of Bloomberg L.P.’s business efforts \- all in a day’s work.

We’ll trust you to:

• Build a strong understanding of your business domains, staying current with new technologies, the evolving threat landscape, regulatory changes, and industry best practices as you support and contribute to the information security and cyber GRC programs for your lines of business.


• Work with stakeholders to effectively manage cyber risk including supporting the assessment of security controls, risk identification, mitigation strategies, and incident response planning.


• Build cross\-functional relationships between teams to improve all aspects of our security program, contributing to a culture of security by design and continuous compliance.


• Support the development of management information, including key risk indicators, program maturity indicators, and key performance indicators to enable data\-driven risk reporting.


• Contribute to the review and maintenance of information security policies, standards, and procedures in your line of business \- ensuring alignment with the firm’s risk appetite and regulatory obligations.


• Develop into a trusted advisor to management, supporting the reporting of information security programs, cyber risk posture, and GRC maturity to governance forums.


• Support the development and delivery of scenario testing such as Tabletop Exercises and Threat Led Penetration Testing to validate our cyber resilience.


• Support remediation efforts and contribute to transformational change initiatives across the broader organization, including zero trust adoption, third\-party risk management, and operational resilience programs.

• 3\-5 years of experience in information security, cyber GRC, cyber security risk management, data security, or cyber security regulation.


• Demonstrated ability to work effectively with stakeholders across a complex, global, and highly regulated environment.


• Experience contributing to cross\-functional projects with a strong attention to detail and follow\-through.


• Ability to identify and escalate cyber security risks — including third\-party and supply chain risk — and support the delivery of services in a secure and compliant way.


• Solid foundational knowledge across key cyber security domains such as cloud security, network security and architecture, application security, secure software development lifecycle (SSDLC), or vulnerability management.


• Familiarity with Threat Led Penetration Testing (TLPT) frameworks such as CBEST or equivalent TLPT regimes.


• Familiarity with key technologies such as Operating Systems, Software Development Build Pipelines and Processes, Security Tooling, O365 Suite, and Business Intelligence Tools.


• Exposure to industry standards and frameworks such as NIST CSF, ISO 27001, or cyber risk quantification methodologies.


• Awareness of regulation pertaining to Information Security such as DORA, Operational Resilience, UK CTP Regime, and GDPR.


• Strong written and oral communication skills, with a desire to develop the ability to translate cyber risk into clear business language.


• Demonstrated ability to perform under pressure and consistently meet deadlines.


• An industry recognized certification such as CISSP, CISM, CRISC, CompTIA Security\+, or ISO 27001 Lead Implementor/Auditor — or working towards one.

Apply if you think we’re a good match. We’ll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at: https://www.bloomberg.com/company/what\-we\-do/

If indicated, please note that years of experience are a guide; we will consider applications from all candidates who can demonstrate the skills necessary for the role.

Discover what makes Bloomberg unique — watch our podcast series for an inside look at our culture, values, and the people behind our success.

If indicated, please note that years of experience are a guide; we will consider applications from all candidates who can demonstrate the skills necessary for the role.
Discover what makes Bloomberg unique \- watch our podcast series for an inside look at our culture, values, and the people behind our success.

ACCOMMODATIONS
------------------

Bloomberg provides reasonable adjustment/accommodation to individuals with disabilities. Please tell us if you require a reasonable adjustment/accommodation to apply for a job. Examples of reasonable adjustment/accommodation include but are not limited to making a change to the application process or work procedures, providing documents in an alternate format or using specialized equipment. To request an adjustment/accommodation to apply for a job, please email AMER\_recruit@bloomberg.net (Americas), EMEA\_recruit@bloomberg.net (Europe, the Middle East and Africa), or APAC\_recruit@bloomberg.net (Asia\-Pacific), based on the region you are submitting an application for. We may share your information with a third party provider of accommodations services who may use this information to reach out to you for the purposes of accommodating your application.

EQUAL OPPORTUNITY
---------------------

Bloomberg is an equal opportunity employer and prohibits discrimination in employment. It is Bloomberg’s policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, self\-identified or perceived sex, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy, childbirth or related medical conditions, or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law (each, a “Protected Characteristic”). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics.

This listing is from indeed. View original listing ↗