SOC Program Strategy Lead

Bloomberg’s Risk and Compliance functions play a critical role in supporting the firm’s businesses, clients, and global operations. We partner closely with Technology, Engineering, Legal, and Business stakeholders to manage complex risk and control environments in a fast-paced, highly regulated landscape. Our teams value collaboration, clear accountability, and pragmatic risk management, and we work together to deliver outcomes that scale with the firm.

The Risk and Compliance Shared Services (RCSS) team supports firmwide programs that require strong coordination, governance, and senior stakeholder engagement. We are seeking a SOC Program Strategy Lead to own the strategy, governance, and delivery of Bloomberg’s System and Organization Controls (SOC) reporting program, ensuring sustained audit readiness and alignment with regulatory and client expectations.

What’s the Role?

As the SOC Program Strategy Lead, you will be accountable for the end-to-end strategy, governance, and orchestration of Bloomberg’s SOC reporting program, along with related high-profile, firmwide initiatives. You will ensure that operational risks, controls, and supporting artifacts are clearly understood, consistently documented, and effectively integrated to meet audit and regulatory expectations. This includes shaping how Bloomberg approaches SOC reporting over time—not just execution in a single cycle. This is a senior, strategic, and highly cross-functional role. You will focus on forward-looking risk and resilience considerations, governance design, and executive-level decision support. You will partner closely with Technology, Engineering, Legal, Product, Risk, Compliance, Internal Audit and external auditors, and you will provide direction, prioritization, and quality oversight across internal teams and third-party audit partners.

We’ll Trust You To:

• SOC Reporting Program Leadership

• Own the overall strategy and multi-year roadmap for Bloomberg’s SOC reporting program, including defining approach, scope, and product coverage based on client expectations, control maturity, and opportunities to consolidate horizontal or thematic controls.
• Develop and manage the annual SOC plan, aligning timelines and scope across control domains while accounting for other assurance activities and firmwide initiatives.
• Partner with Technology, Engineering, and subject matter experts to assess control environments, policies, system boundaries, dependencies, and supporting artifacts to inform SOC readiness.
• Lead the end-to-end execution of SOC reporting, coordinating across internal stakeholders and external auditors to ensure timely, high-quality delivery.
• Serve as the primary point of accountability for SOC program status, proactively communicating progress, risks, issues, and trade-offs to senior management.
• Identify emerging risks, execution challenges, or control gaps early, and provide clear, actionable recommendations to support informed decision-making.
• Act as the central point of coordination with external auditors, including scope discussions, timelines, expectations, issue escalation, and resolution.
• Ensure clear ownership, governance, reporting, and escalation for remediation activities identified through SOC assurance reports.

• Translate complex audit, regulatory, control, and technical topics into clear, concise messaging for senior and executive-level stakeholders.
• Manage and mentor a team of individual contributors, setting priorities, providing guidance, and ensuring consistent, high-quality execution.
• Continuously identify opportunities to strengthen governance, documentation, planning, and operational resilience across programs.
• Operate as a trusted advisor to senior leadership, providing forward-looking insights rather than reactive updates.

You’ll Need To Have:

• Bachelor’s degree in Business, Finance, Technology, Risk Management, or a related field.
• 15+ years of experience in risk management, compliance, audit, technology risk, operational resilience, or related leadership roles within complex, regulated organizations.
• Deep understanding of SOC 1 and SOC 2 reporting, including controls aligned to the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy).
• Experience with intragroup services, service governance, outsourcing risk, or third-party/intragroup frameworks.
• Strong familiarity with operational resilience, continuity, and regulatory expectations.
• Demonstrated experience partnering effectively with Technology and Engineering teams.
• Proven ability to engage, influence, and advise senior stakeholders, including through formal governance forums.
• Experience managing external auditors or service providers.
• Excellent written and verbal communication skills.
• Experience managing or leading direct reports.

We’d Love to See:

• Experience leading firmwide assurance, risk, or resilience programs.
• Experience supporting regulatory exams or supervisory engagements.
• Familiarity with data-intensive, or highly integrated technology environments.
• Comfort operating in ambiguity and advising at executive levels.
• Experience as a SOC auditor or designing a SOC program.
• Experience in Financial Services or FinTech.

If This Sounds Like You: Apply if you think we’re a good match. We’ll get in touch to let you know what the next steps are.