Overview
Team Lead - Vendor Risk Management - Chief Risk Office
Location: London
Business Area: Legal, Compliance, and Risk
Vendor Risk Management (VRM) is part of the Chief Risk Office (CRO) and is responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of risks introduced by vendors and other third-party service providers.
Responsibilities
- Operational Leadership
  - Supervise and mentor a team of Vendor Risk Managers, ensuring high-quality delivery of assessments, monitoring, and reporting.
  - Oversee execution of inherent risk assessments, vendor due diligence, control testing, and remediation tracking.
  - Maintain accuracy and completeness of vendor and engagement inventories, ensuring risk profiles are current and actionable.
  - Guide the team in conducting due diligence across risk domains (information security, privacy, operational resilience, concentration, regulatory, geographic).
  - Monitor industry trends and regulatory updates to ensure operational assessments reflect current risk landscapes.
- Strategic & Advisory Responsibilities
  - Contribute to the ongoing design, enhancement, and implementation of Bloomberg's Vendor Risk Management framework.
  - Serve as a trusted advisor to senior stakeholders, including business leaders, CISO, Legal, Compliance, and Enterprise Risk, on third-party risk exposure and mitigation strategies.
  - Provide risk insights and recommendations that balance business objectives with security and resilience requirements.
  - Develop and deliver actionable, executive-ready risk reporting to inform decision-making across departments.
  - Represent Vendor Risk in risk committees, working groups, and cross-functional initiatives.
  - Help shape Bloomberg's response to emerging regulatory requirements (e.g., DORA, EU AI Act, GDPR) and evolving third-party risk management expectations.
Qualifications
- Bachelor's or Master's degree in Computer Science, Information Security, Business Management, or equivalent industry experience.
- 10+ years of experience in Risk Management, Information Security, Technology Audit, or related fields, with at least 4 years in a leadership or supervisory capacity.
- Proven experience managing and mentoring teams to deliver high-quality risk assessments and projects.
- Strong understanding of Cloud Computing risks and third-party service provider oversight.
- Familiarity with key frameworks (NIST 800-53, ISO/IEC 27001/2, COBIT, HITRUST, PCI DSS, CSA, CIS CSC).
- Deep knowledge of Data Privacy regulations (GDPR, CCPA, HIPAA) and operational resilience regulations (DORA).
- Experience leveraging Vendor Risk Assessment frameworks and tools (SIG, VSAQ, etc.).
- Ability to balance operational oversight with strategic influence, making complex business/risk trade-offs.
- Senior-level written and verbal communication skills, including the ability to present to executive audiences.
- Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GIAC, etc.).
Nice to have
- Experience in building and scaling a vendor risk team or function.
- Familiarity with supplier agreements, contractual terms, and service level agreements.
- Experience developing and using operational performance metrics to measure vendor risk effectiveness.
- Expertise in cloud-based IT architectures and related security practices.
How to apply
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are.