Business Information Security Officer

Our Team: We protect Bloomberg. The Bloomberg Information Security Office team is dedicated to making our products and technologies as secure as possible through design, development, and operation. We report into the Chief Information Security Office while working closely with regulated businesses, key lines of business, and development/engineering across Bloomberg L.P. Our colleagues depend on us to help design, run, and improve our most important security programs.

The Bloomberg BISO team focuses on identifying opportunities to improve the security of Bloomberg, our products and services, and the security of our customers' data. In this role, you will be the owner, manager, and developer of multiple security programs, each with unique challenges and in a global setting. You will be responsible for setting strategic direction, evangelizing security and compliance efforts, and influencing the direction of Bloomberg L.P.'s business efforts all in a day's work.

• Develop a deep understanding of your business domains, keeping abreast of new technologies, regulatory changes, and industry best practices as you design, lead, and oversee the information security programs for your lines of business.
• Work with stakeholders to effectively manage cyber risk including consulting on security controls, mitigation strategies, and incident response planning and management.
• Foster cross-functional relationships between teams to improve all aspects of our security program.
• Define and develop management information, including key risk indicators, program maturity indicators, and key performance indicators for use in reporting.
• Establish and review information security policies and procedures in your line of business.
• Become a trusted voice to senior management, report on the status of information security programs to boards and various governance forums.
• Lead in the development and delivery of scenario testing such as Tabletop Exercises and Threat Led Penetration Testing.
• Lead remediation efforts and support transformational change initiatives across the broader organization.

• 7+ years of experience in information security, cyber security risk management, data security and cyber security regulation.
• Demonstrated ability to influence internal and external stakeholders to achieve success in a complex global setting.
• Proven delivery of complex projects involving cross-functional teams.
• Ability to proactively identify and manage cyber security risks to deliver services and meet business objectives in a secure and compliant way.
• Strong technical knowledge in key cyber security domains such as cloud security, network security and architecture, application security, secure software development lifecycle (SSDLC) and vulnerability management.
• Proven experience in delivering Threat Led Penetration Tests such as CBEST or equivalent TLPT regimes.
• Good knowledge of key technologies such as Operating Systems, Software Development Build Pipelines and Processes, Security Tooling, O365 Suite, and Business Intelligence Tools.
• Experience with industry standards such as NIST CSF and ISO 27001.
• Knowledge and experience with Regulation pertaining to Information Security such as DORA, Operational Resilience, UK CTP Regime, GDPR.
• Excellent written and oral communication skills.
• Demonstrated ability to perform under pressure and consistently meet program deadlines.
• An industry recognized certifications such as CISSP, GIAC, CISM, ISO 27001 Lead Implementor/Auditor.

Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at: Discover what makes Bloomberg unique - watch our podcast series for an inside look at our culture, values, and the people behind our success.