Business Information Security Officer - Finance

Job Description:

Business Information Security Officer - Finance

Location
New York

Business Area
Legal, Compliance, and Risk

Ref #
10052010

Description & Requirements

What's the Role?
As a Business Information Security Officer (BISO) for Finance, you will protect the confidentiality, integrity, and availability of the Finance department's information assets. You will identify and assess security risks and vulnerabilities, enforce security policies and controls, and partner with Finance leadership to ensure a secure posture that supports business needs and critical activities while aligning with the organization's risk appetite and regulatory obligations.
This role extends beyond a traditional advisory BISO model, with end-to-end ownership of DLP and surveillance controls, including active monitoring, investigation of data events, and escalation of policy violations and high-risk activity within the Finance environment.
In doing so, you serve as the accountable security control lead for Finance, responsible for ensuring controls are effective today and continuously enhancing and scaling these capabilities as business risk, workflows, and technology evolve. This position requires a leader who can operate strategically with senior stakeholders while driving operational rigor and measurable control effectiveness.
We'll Trust You To:
* Serve as the Business Information Security Officer (BISO) representative for the Finance organization, aligning information security strategy with business objectives, risk tolerance, and regulatory requirements
* Partner with Finance leadership to identify, assess, and prioritize information security risks, translating technical findings into clear business impact and actionable mitigation strategies
* Provide security oversight to ensure secure configuration and governance across collaboration platforms, including Microsoft 365, across single-tenant and multi-tenant environments
* Advise on secure data sharing practices for highly sensitive financial, regulatory, and strategic data across internal teams and third parties
* Lead and support risk assessments and security reviews for Finance systems, workflows, and third-party vendors, and effectively and succinctly communicate identified risks, recommended mitigation strategies, or formal risk acceptance requirements to business leadership for decision and implementation
* Oversee and administer Data Loss Prevention (DLP) and surveillance controls, including policy tuning and alert review to reduce risk of data exfiltration and policy violations
* Investigate data events and potential incidents, escalate high-risk findings to appropriate leadership and drive remediation to closure
* Review and interpret security monitoring logs, alerts, and metrics to identify trends, emerging risks, and control gaps
* Collaborate cross-functionally with Security, Technology, Legal & Compliance, Risk and Finance stakeholders to provide cohesive security support to the Finance secure environment
* Synthesize complex datasets (e.g. metrics, event trends, audit findings) into actionable insights using Excel, Qlik, or similar dashboarding tools, and present findings in a concise, executive-ready format
* Create tailored cybersecurity trainings and tabletop sessions for the Finance population
* Deliver concise, executive-ready reporting and presentations that clearly articulate risk exposure, control effectiveness, and recommended remediation strategies
* Provide security oversight when introducing new business workflows, including SaaS applications and/or AI tools, ensuring appropriate risk assessment and control implementation prior to deployment, in partnership with Security, Technology, and Risk teams as appropriate
You'll Need To Have:
* Experience in information security, technology risk, or cyber risk management, preferably within a financial services or highly regulated environment
* Strong understanding of Microsoft 365 architecture, including identity and access management, tenant configurations (single and multi-tenant models), and secure collaboration controls
* Experience implementing or governing secure cloud collaboration environments at scale
* Hands-on experience with DLP technologies, surveillance programs, data classification frameworks, and secure data handling practices
* Experience conducting and documenting risk assessments, control testing, and gap analyses
* Familiarity with security monitoring, log analysis, and incident response processes
* Demonstrated ability to work across business, technology, and security stakeholders to influence risk-based decisions
* Strong analytical skills with the ability to synthesize large data sets using Excel, Qlik, or similar reporting tools

* Excellent written and verbal communication skills, with the ability to present complex risk concepts clearly to senior business leaders
* Ability to balance multiple projects at once, prioritize work, develop and communicate timelines
* Ability to excel at working in fast-paced environment both independently and collaboratively with the broader teams
* Strong analytical and creative problem-solving skills with the ability to develop innovative data driven solutions that address business needs
* Strong attention to detail
* Ability to balance multiple projects at once, prioritize work, develop and communicate timelines
We'd Love To See:
* Professional certifications such as CISSP, CISM, or similar
* Experience supporting Finance, Treasury, or Regulatory Reporting functions
* Knowledge of financial regulations impacting data protection and recordkeeping (e.g. SOX, SEC, FINRA, DORA or global equivalents)
* Background in surveillance monitoring programs or insider threat risk management
* A proactive, solutions-oriented mindset with a strong sense of ownership and accountability
* Advanced systems experience: SQL databases, Python

Salary Range = 215,000 - 290,000 USD Annual + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

Discover what makes Bloomberg unique - watch our podcast series for an inside look at our culture, values, and the people behind our success