Information Security Compliance Manager (INDG)

As a Manager of Information Security Compliance, you will support Bloomberg Industry Group’s Governance, Risk, and Compliance (GRC) programs. You will be part of a team that delivers customer trust, vendor risk oversight, and compliance with regulatory and industry standards. This role requires balancing hands-on expertise with enabling cross-functional teams to achieve security and privacy objectives, and serving as a key representative to clients, auditors, and regulators.

What you will do:

• Strategy:Support ownership of the information security compliance roadmap, ensuring alignment with organizational priorities.Act as a trusted advisor to senior leadership, providing insights on security risk, compliance obligations, and emerging regulations.
• Program Execution:Support all security & privacy compliance efforts including but not limited to, SOC, GDPR, CCPA, privacy by design, etc. Develop, maintain, and enforce internal information security compliance policies, standards, and controls across diverse systems and platforms.Manage the vendor risk management lifecycle: onboarding, due diligence, and ongoing monitoring. Interface with vendors and business leads to clearly understand their risk profile.Represent Information Security in customer security assessments, RFPs, and compliance discussions.Conduct investigations of data security risks and provide consultation to internal and external stakeholders to mitigate risk.Develop and implement companywide information security training and awareness programs.Define and drive risk management and compliance goals for the organizationParticipate in both internal and external audit activities; aid in compliance audits in support of ISO 27001/2, SOC, etc.Collaborate with teams across the organization to ensure continued compliance to policies and security standards.
• Innovation & Emerging RiskMonitor and assess risks related to emerging technologies such as Artificial Intelligence, data governance platforms, and cloud-native architectures.Support development of AI governance policies and frameworks that align with regulatory expectations and customer trust requirements.Raise organizational awareness of new and evolving security risks, and ensure controls evolve to address them.

You need to have:

• Bachelor’s Degree or equivalent experience; advanced degree or industry certifications (CISM, CISA, CISSP, ISO 27001 Lead Auditor/Implementer) a plus.

• 4 years of progressive experience in Risk Management, Compliance, Information Security or Technology Management role.

• Experience with common Information Security Compliance standards and frameworks (such as, ISO 27001/2, PCI, SOC 1/2/3, and NIST etc.).

• Demonstrated security assessment, risk analysis, gap analysis, auditing, causal analysis, corrective action planning, and compliance assessment experience.

• Strong communication and presentation skills, with the ability to influence executives and collaborate with technical teams.

• Demonstrated success in managing customer trust initiatives, vendor risk processes, and audit readiness.

• Ability to balance strategic program oversight with hands-on execution when necessary.

Equal Opportunity

Bloomberg Industry Group maintains a continuing policy of non-discrimination in employment. It is Bloomberg Industry Group’s policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law (“Protected Characteristic”). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics (“Discrimination”).