Governance Risk Compliance Analyst Specialist

Global Risk and Security (GR&S) at Vanguard enables business strategy protects client and Vanguard interests (e.g. assets and data) and stewards a strong risk culture. Our teams leverage enterprisewide insights deep expertise and trusted advice so that across Vanguard leaders and crew drive faster stronger riskinformed decisions.

Within GR&S the Enterprise Security and Fraud (ES&F) subdivision is responsible for the global protection of Vanguard crew property data and client assets. We are the trusted advisors that protect the pride of Vanguard with stateoftheart security and fraud capabilities. We are a worldclass destination of highly engaged passionate and diverse talent expected to continuously learn and develop in an everchanging security landscape. Our crew are our greatest resource by joining our team you will build collaborative longterm relationships and enjoy a suite of benefits that includes comprehensive health and wellness care worklife balance and an investment in your future at its core.

This position is a senior cybersecurity continuous controls monitoring and assurance specialist on Vanguards Global Enterprise Securitys Governance Risk Compliance and Strategic Operations team. This position will drive proactive riskbased continuous monitoring to cost effectively scale operations to meet expanding security regulatory client and business requirements.

Position Summary includes:

• Delivers the cybersecurity continuous controls monitoring and assurance roadmap and capabilities to enable cybersecurity and fraud risk objectives and priorities.
• Builds and implements solutions to reduce time to risk discovery and testing cycle time.
• Develops automations and data driven insights from automations measurement and appropriate scoring algorithms.
• Modernizes the internal control framework and leads complex control identification design implementation testing and reporting.
• Leads the identification and resolution of complex control gaps and ensures effective design implementation and operation of controls across divisions and regions.
• Identifies and implements actions to increase effectiveness and reduce friction.

Governance Risk & Compliance Analyst Specialist:

• Works with IT subdivisions and business units as the technical authority regarding security of application and systems software equipment and related capabilities and performance characteristics to evaluate their effectiveness at meeting defined security requirements determining integration requirements and identifying ramifications on IT and business unit operations of their implementation.
• Supports the development and maintenance of a portfolio of global security policies and standards. Monitors and maintains the lifecycle of the portfolio. Responsible for oversight of management and decisions related to methodology and policy for all Security functions.
• Advises key stakeholders and security policy owners during policy discussions. Interfaces with clients on all inquiries related to Information and IT Security capabilities. Supports the review and approval of all RFP responses related to security as needed.
• Works with Compliance and Regional Security teams to understand global regulatory requirements for security develop global Security policies and standards and oversee implementation. Interfaces with external regulators for Information and IT Security.
• Conducts security assessments risk analyses and assesses contingency plans for Vanguard computer facilities telecommunications capabilities and installations to verify existence and effectiveness of safeguards.
• Reviews and analyzes current and proposed policy directives and IT technical issues which may affect the implementation of Information Security across the enterprise.
• Recommends develops implements and coordinates new security policies standards procedures and operating doctrine at all levels across the company. Interprets policy relating to Vanguard information security functions and provides guidance as required.
• Participates in special projects and performs other duties as assigned.

What it takes:

• Six years related work experience Information Security experience preferred.
• Undergraduate degree or equivalent combination of training and experience. Cyber Security or Computer Science degree preferred.
• Demonstrated experience building and running automation and monitoring of cybersecurity controls for high volume transaction processing such as in the Banking industry.
• Indepth knowledge of relevant frameworks and control standards (i.e. NIST CSF NIST 80053 CIS Controls ISO 27002 and financial services industry cyber regulations and guidelines and considered an expert in the domain.
• One or more of CISSP CISM CISA CIA CPA or other relevant certifications required is preferred.

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the longterm financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling inperson learning collaboration and connection. We believe our missiondriven and highly collaborative culture is a critical enabler to support longterm client outcomes and enrich the employee experience.