Information Security Risk Oversight Lead - Second Line of Defense

Bloomberg LP

New York, NY

JOB DETAILS
SALARY
$185,000–$245,000 Per Year
SKILLS
Analysis Skills, Applications Security, Best Practices, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Channel Strategies, Cloud Applications, Computer Security, Control Objectives for Information and related Technology (COBIT), Design Evaluation, Detail Oriented, Documentation, Financial Services, Genetics, ISO (International Organization for Standardization), Identity Data Management, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Materials Tracking, Medical Conditions, Metrics, Podcasting, Presentation/Verbal Skills, Quality Management, Regulations, Regulatory Requirements, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Root Cause Analysis, Security Analysis, Security Monitoring, Testing, Time Management, U.S. National Institute of Standards and Technology (NIST), Validation Plan
LOCATION
New York, NY
POSTED
30+ days ago

Information Security Risk Oversight Lead - Second Line of Defense - 18805 - Bloomberg


Location

New York

Business Area

Legal, Compliance, and Risk

Ref #

10050628

Description & Requirements

Position Overview

The energy of a newsroom, the pace of a trading floor, the buzz of a recent tech breakthrough; we work hard, and we work fast - while keeping up the quality and accuracy we're known for. It's what keeps us inventing and reinventing, all the time. Our culture is wide open, just like our spaces. We bring out the best in each other through collaboration. Through our countless volunteer projects, we also help network with the communities around us. You can do amazing work here. Work you couldn't do anywhere else. It's up to you to make it happen.

About the Role:

We're looking for an Information Security Risk Oversight Lead who can translate cybersecurity risk into executive insight and action. Sitting firmly in the Second Line of Defense, you will provide independent oversight and credible challenge across the firm's enterprise-wide information security program. Operating at the intersection of technology, risk governance, and strategy, you will partner with Information Security, Engineering, and Risk teams to ensure risks are appropriately identified, measured, monitored, and aligned with the firm's risk appetite. The "so what" is critical: your oversight will enable leadership to understand not only what the risks are, but whether they are being managed effectively, and where decisive action is required to strengthen the firm's overall security posture.

Key Responsibilities

  • Lead independent review, oversight, and credible challenge of enterprise-wide information security risk assessments, control testing results, and key risk metrics.
  • Serve as the primary Second Line risk advisor for cybersecurity and technology-related risks.
  • Partner closely with Information Security and Engineering teams to enhance risk awareness, accountability, and control ownership.
  • Evaluate the design and operating effectiveness of security controls, particularly across complex, high-risk, or enterprise-scale technology initiatives.
  • Review and challenge security-driven programs and initiatives to ensure alignment with enterprise risk appetite and regulatory expectations.
  • Monitor information security findings, remediation plans, and validation activities to ensure timely and sustainable risk reduction.
  • Identify root causes of control failures, security incidents, or systemic weaknesses and support the development of actionable, preventative recommendations.
  • Prepare and present risk oversight materials to senior leadership committees, internal audit, and regulatory bodies as required.
  • Contribute to the integration and maturation of information security within the firm's enterprise risk management framework.
  • Maintain governance documentation, including policies, standards, and procedures related to information security oversight.
  • Act as a strategic thought partner to senior leaders by advising on emerging threats, evolving regulatory requirements, and industry best practices.

Required Qualifications

  • Bachelor's Degree required.
  • 10+ years of experience in Information Security.
  • 10+ years of experience in IT Risk Management.
  • Demonstrated experience operating within a Second Line of Defense or independent risk oversight function.
  • Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, ISO 27001, COBIT, CIS).
  • Experience interacting with regulators, internal audit, and executive governance forums.
  • Authorized to work in the United States.

Preferred Qualifications

  • Relevant professional certifications (e.g., CISSP, CISM, CRISC, CISA).
  • Experience in regulated industries (e.g., financial services).
  • Strong understanding of cloud security, application security, identity and access management, and cyber resilience.
  • Familiarity with enterprise risk management methodologies and risk appetite frameworks.

Core Competencies

  • Strong analytical and critical thinking skills with the ability to provide constructive challenge.
  • Executive-level communication and presentation skills.
  • Ability to influence without direct authority.
  • Strategic mindset with strong attention to detail.
  • High integrity and independent judgment.

Salary Range = 185000 - 245000 USD Annually + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) + match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

Discover what makes Bloomberg unique - watch our podcast series for an inside look at our culture, values, and the people behind our success.


Accommodations

Bloomberg provides reasonable adjustment/accommodation to individuals with disabilities. Please tell us if you require a reasonable adjustment/accommodation to apply for a job. Examples of reasonable adjustment/accommodation include but are not limited to making a change to the application process or work procedures, providing documents in an alternate format or using specialized equipment. To request an adjustment/accommodation to apply for a job, please email AMER_recruit@bloomberg.net (Americas), EMEA_recruit@bloomberg.net (Europe, the Middle East and Africa), or APAC_recruit@bloomberg.net (Asia-Pacific), based on the region you are submitting an application for. We may share your information with a third party provider of accommodations services who may use this information to reach out to you for the purposes of accommodating your application.

Equal Opportunity

Bloomberg is an equal opportunity employer and prohibits discrimination in employment. It is Bloomberg's policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, self-identified or perceived sex, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy, childbirth or related medical conditions, or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law (each, a "Protected Characteristic"). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics.

2026 Bloomberg Finance L.P. All rights reserved.
