Team Lead - Vendor Risk Management - Chief Risk Office

Location: London

Business Area: Legal, Compliance, and Risk

Ref #: 10046761

The energy of a newsroom, the pace of a trading floor, the buzz of a recent tech breakthrough; we work hard, and we work fast—while keeping up the quality and accuracy we9re known for. It9s what keeps us inventing and reinventing, all the time. Our culture is wide open, just like our spaces. We bring out the best in each other through collaboration. Through our countless volunteer projects, we also help network with the communities around us, too. You can do amazing work here. Work you couldn9t do anywhere else. It9s up to you to make it happen.

Vendor Risk Management (VRM) is part of the Chief Risk Office (CRO) and responsible for assisting Bloomberg departments and select subsidiaries of Bloomberg LP in the selection, assessment, mitigation and continuous monitoring of risks introduced by vendors and other third-party service providers.

We are seeking a Team Leader, Vendor Risk Management, to guide and develop a team of vendor risk professionals while driving both the execution of vendor assessments and the strategic advancement of our Vendor Risk program. You will manage a portfolio of vendor engagements, oversee critical risk assessments, and help design, refine, and implement frameworks that strengthen Bloomberg9s third-party risk resilience.

This role requires balancing hands-on oversight of operational activities with strategic advisory responsibilities, ensuring Bloomberg departments and subsidiaries can confidently manage vendor risks throughout the vendor lifecycle.

• Bachelor9s or Master9s degree in Computer Science, Information Security, Business Management, or equivalent industry experience.
• 10+ years of experience in Risk Management, Information Security, Technology Audit, or related fields, with at least 4 years in a leadership or supervisory capacity.
• Proven experience managing and mentoring teams to deliver high-quality risk assessments and projects.
• Strong understanding of Cloud Computing risks and third-party service provider oversight.
• Familiarity with key frameworks (NIST 800-53, ISO/IEC 27001/2, COBIT, HITRUST, PCI DSS, CSA, CIS CSC).
• Deep knowledge of Data Privacy regulations (GDPR, CCPA, HIPAA) and operational resilience regulations (DORA).
• Experience leveraging Vendor Risk Assessment frameworks and tools (SIG, VSAQ, etc.).
• Ability to balance operational oversight with strategic influence, making complex business/risk trade-offs.
• Senior-level written and verbal communication skills, including the ability to present to executive audiences.
• Please note we use years of experience as a guide but we certainly will consider applications from all candidates who are able to demonstrate the skills necessary for the role.

• Experience in building and scaling a vendor risk team or function.
• Familiarity with supplier agreements, contractual terms, and service level agreements.
• Experience developing and using operational performance metrics to measure vendor risk effectiveness.
• Expertise in cloud-based IT architectures and related security practices.

Apply if you think we9re a good match. We9ll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: https://www.bloomberg.com/company/