CRO - Business Continuity & Resilience Risk Lead , NY Posted
Listed on 2026-07-13
-
IT/Tech
Disaster Recovery IT, Business Continuity
Location: New York
CRO - Business Continuity & Resilience Risk Lead
Location
New York
Business Area
Legal, Compliance, and Risk
#
Description & RequirementsBloomberg is seeking a seasoned professional to join its second line of defense (2
LoD) Risk function, providing independent oversight, challenge, and governance of the firm's Resilience program — encompassing Business Continuity(BC), Disaster Recovery (DR), and Operational Resilience.
The ideal candidate is a technically grounded practitioner who can credibly engage with engineers, infrastructure teams, and product teams — not just assess documentation — and translate technical recovery capabilities into meaningful risk judgments. They bring the seniority to influence senior stakeholders and the hands‑on depth to ask the right questions when it matters most. This leader will be expected to work closely with key executives, including the Company’s central Business Continuity Management (BCM) lead, ENG leaders overseeing the Company’s DR program, and the Company’s Operational Resilience leadership team, among others, as a key risk adviser.
Critically, this is someone who operates with a genuine risk‑based mindset — prioritizing effort, scrutiny, and escalation in proportion to actual risk exposure rather than applying uniform oversight for its own sake. They are thoughtful and deliberate in how they form views, practical in how they communicate and embed findings, and pragmatic enough to distinguish between issues that matter and noise that doesn’t.
Key ResponsibilitiesProvide robust independent oversight and challenge of Bloomberg’s BC, DR and broader resilience programs and practices operated by the first line of defense. This will include, for example, assessment, oversight, and challenge of the adopted frameworks and strategies for BC, DR, and OpRes.
Assess the technical adequacy of the firm’s recovery posture —including disaster recovery architecture, failover mechanisms, data replication strategies, backup integrity, and system recovery tiering — not just the documentation surrounding them.
Evaluate alignment between business continuity plans, disaster recovery capabilities, and impact tolerance thresholds to ensure end‑to‑end recoverability of critical services under realistic failure scenarios.
Identify gaps, weaknesses, and emerging risks across the resilience framework and escalate findings with clear, evidence‑based remediation recommendations.
Own and maintain the 2
LoD resilience policy and standards suite, ensuring they reflect both industry best practice and Bloomberg’s complex, technology‑intensive operating environment.Drive periodic reviews and updates to frameworks in response to technology change, infrastructure evolution, and lessons learned from incidents and exercises.
Oversee the 2
LoD review of resilience testing programs, including business continuity exercises, disaster recovery failover tests, tabletop simulations, and scenario‑based resilience stress tests.Ensure testing scenarios are technically realistic, covering cyber incidents (including ransomware and destructive attacks), infrastructure failures, data corruption events, third‑party outages, and geographic disruptions.
Verify that lessons learned from tests and live incidents result in tangible improvements to resilience capabilities.
Evaluate third‑party and vendor disaster recovery capabilities where they underpin critical Bloomberg services, with particular attention to concentration risk and recovery interdependencies.
Report on the firm’s recovery posture against defined impact tolerances, flagging where resilience capability gaps could prevent the firm from remaining within tolerance during a severe but plausible disruption.
Contribute to operational risk appetite frameworks as they relate to resilience and recoverability risks.
Build trusted relationships with the 1
LoD resilience teams, Technology Infrastructure, Site Reliability Engineering, Cyber/Information Security, Third Party Risk, and business leadership.Serve as a technically credible challenge partner to Engineering and Product teams on resilience architecture decisions — able to engage substantively on design trade‑offs,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).