Team Lead - Vendor Risk Management - Chief Risk Office
Bloomberg.com
Office
London
Full Time
Location: London
Business Area: Legal, Compliance, and Risk
Ref #: 10046761
Vendor Risk Management (VRM) is part of the Chief Risk Office (CRO) and responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of risks introduced by vendors and other third-party service providers.
What’s the Role?
We are seeking a Team Leader, Vendor Risk Management, to guide and develop a team of vendor risk professionals while driving both the execution of vendor assessments and the strategic advancement of our Vendor Risk program. You will manage a portfolio of vendor engagements, oversee critical risk assessments, and help design, refine, and implement frameworks that strengthen Bloomberg’s third-party risk resilience. This role requires balancing hands-on oversight of operational activities with strategic advisory responsibilities, ensuring Bloomberg departments and subsidiaries can confidently manage vendor risks throughout the vendor lifecycle.
We’ll Trust You To:
Operational Leadership
• Supervise and mentor a team of Vendor Risk Managers, ensuring high-quality delivery of assessments, monitoring, and reporting.
• Oversee execution of inherent risk assessments, vendor due diligence, control testing, and remediation tracking.
• Maintain accuracy and completeness of vendor and engagement inventories, ensuring risk profiles are current and actionable.
• Guide the team in conducting due diligence across risk domains (information security, privacy, operational resilience, concentration, regulatory, geographic).
• Monitor industry trends and regulatory updates to ensure operational assessments reflect current risk landscapes.
Strategic & Advisory Responsibilities
• Contribute to the ongoing design, enhancement, and implementation of Bloomberg’s Vendor Risk Management framework.
• Serve as a trusted advisor to senior stakeholders, including business leaders, CISO, Legal, Compliance, and Enterprise Risk, on third-party risk exposure and mitigation strategies.
• Provide risk insights and recommendations that balance business objectives with security and resilience requirements.
• Develop and deliver actionable, executive-ready risk reporting to inform decision-making across departments.
• Represent Vendor Risk in risk committees, working groups, and cross-functional initiatives.
• Help shape Bloomberg’s response to emerging regulatory requirements (e.g., DORA, EU AI Act, GDPR) and evolving third-party risk management expectations.
You’ll Need to Have:
• Bachelor’s or Master’s degree in Computer Science, Information Security, Business Management, or equivalent industry experience.
• 10+* years of experience in Risk Management, Information Security, Technology Audit, or related fields, with at least 4 years in a leadership or supervisory capacity.
• Proven experience managing and mentoring teams to deliver high-quality risk assessments and projects.
• Strong understanding of Cloud Computing risks and third-party service provider oversight.
• Familiarity with key frameworks (NIST 800-53, ISO/IEC 27001/2, COBIT, HITRUST, PCI DSS, CSA, CIS CSC).
• Deep knowledge of Data Privacy regulations (GDPR, CCPA, HIPAA) and operational resilience regulations (DORA).
• Experience leveraging Vendor Risk Assessment frameworks and tools (SIG, VSAQ, etc.).
• Ability to balance operational oversight with strategic influence, making complex business/risk trade-offs.
• Senior-level written and verbal communication skills, including the ability to present to executive audiences.
• Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GIAC, etc.).
*Please note that we use years of experience as a guide, but we will certainly consider applications from all candidates who are able to demonstrate the skills necessary for the role.
We’d Love to See:
• Experience in building and scaling a vendor risk team or function.
• Familiarity with supplier agreements, contractual terms, and service level agreements.
• Experience developing and using operational performance metrics to measure vendor risk effectiveness.
• Expertise in cloud-based IT architectures and related security practices.
If this sounds like you:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: https://www.bloomberg.com/company/
Description & Requirements
The energy of a newsroom, the pace of a trading floor, the buzz of a recent tech breakthrough; we work hard, and we work fast—while keeping up the quality and accuracy we're known for. It's what keeps us inventing and reinventing, all the time. Our culture is wide open, just like our spaces. We bring out the best in each other through collaboration. Through our countless volunteer projects, we also help network with the communities around us, too. You can do amazing work here. Work you couldn’t do anywhere else. It’s up to you to make it happen.
September 30, 2025