Senior Manager, Continuous Controls Monitoring and Assurance

Leads a team that provides expert technical expertise and consultation on the development and support of all activities processes and tools used for assessing validating and ensuring the vulnerability integrity of systems architectures and configurations. Oversees security assessments risk analyses and contingency plans for Vanguard business applications systems networks and websites. Assesses adherence to information security policies procedures and operational controls to manage cyber security risks within tolerances satisfy regulatory obligations and address expanding controls testing requirements with exceptional stakeholder experience

Global Risk and Security(GR&S) at Vanguard enables business strategy protects client and Vanguard interests (e.g. assets and data) and stewards a strong risk culture. Our teams leverage enterprise-wide insights deep expertise and trusted advice so that across Vanguard leaders and crew drive faster stronger risk-informed decisions.

Within GR&S theEnterprise Security and Fraud(ES&F) sub-division is responsible for the global protection of Vanguard crew property data and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged passionate and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care work-life balance and an investment in your future at its core.

The Senior Manager Cybersecurity Continuous Controls Monitoring and Assurance is a key leadership member of Vanguards Global Enterprise Securitys Governance Risk Compliance and Strategic Operations team. This position will oversee a team responsible for continuous controls monitoring and assurance to safeguard information and assets. The scope of this role is to assess adherence to information security policies procedures and operational controls to manage cyber security risks within tolerances satisfy regulatory obligations and address expanding controls testing requirements with exceptional stakeholder experience. Data-driven approaches will be used to predict risk issues develop solutions and partner with key control owners and stakeholders.

Position Summary includes:

• Leads team of controls and assurance testers and analysts. Provides guidance and training as necessary to develop crew. Sets performance standards reviews performance and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.
• Defines and executes the vision strategy and roadmap for continuous monitoring and assurance of cybersecurity and fraud controls to support the overall risk objectives and priorities.
• Develops automations and data driven insights from automations measurement and appropriate scoring algorithms.
• Ensures the development and implementation of the internal control framework leads complex control identification design implementation testing and reporting.
• Implements and manages continuous monitoring solutions and automations to reduce time to risk discovery and reduce testing cycle time.
• Leads the identification and resolution of complex control gaps and ensures effective design implementation and operation of controls across divisions and regions. Identifies and implements actions to increase effectiveness and reduce friction.
• Briefs leadership on the state of critical cybersecurity and fraud controls including providing insights into trends and impact of strategic business technology and cybersecurity investments.
• Owns relationships with key internal and external stakeholders. Drives strategic alignment between cybersecurity and technology teams control owners and risk leads.

Core Responsibilities

1. Hires evaluates and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards reviews performance and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

2. Develops and leads security assessments to measure the adequacy of existing information security controls. Identifies and advises on potential and actual system vulnerabilities integration requirements and ramifications and emerging strategic security needs and recommends corrective measures.

3. Leads and oversees reporting on information security risks and works with IT sub-divisions third party partners and business units in identifying the impact of technology implementation on IT and business unit operations.

4. Leads and maintains the evaluation and assessment process of security requirements for data systems networks or websites. Leads identification of enterprise technical security solutions and coordinates and leads adoption of new security initiatives and solutions.

5. Leads the team in developing and defining best practices for assessments of assets risks and the implementation of appropriate data security procedures and products to ensure security requirements are met. Determines integration requirements oversees the maintenance of security standards documents with feedback from relevant security and technology teams identifies security gaps and evaluates and implements enhancements.

6. Validates functionality and effectiveness of development testing and implementation processes for security plans risk assessments products and control techniques. Conducts system security and vulnerability analyses and risk assessments.

7. Leads the evaluation of Vanguard technical acquisitions infrastructure and development processes and investigates complex potential or actual information security violations to ensure that adequate security measures are established and maintained according to established policies.

8. Leads develops and oversees security assessment plans participates in the security vulnerability mitigation and acceptance process and manages vendor relationships.

9. Acts as an industry expert in emerging security practices and standards. Maintains expert knowledge of industry policies and trends.

10. Participates in special projects and performs other duties as assigned.

Qualifications

• Minimum twelve years related work experience and five years of management experience. Experience in cybersecurity in required.
• Undergraduate degree in related field or equivalent combination of training and experience.
• One or more of CISSP CISM CISA CIA CPA or other relevant certifications required as per the role.
• Proven leadership experience leading global cross-functional teams.
• Demonstrated experience building and running automation and monitoring of cybersecurity controls for high volume transaction processing such as in the Banking industry.
• In-depth knowledge of relevant frameworks and control standards (i.e. NIST CSF NIST 800-53 CIS Controls ISO 27002) and financial services industry cyber regulations and guidelines and considered an expert in the domain.
• Proficient developing effective cybersecurity GRC OKRs and risk-based controls dashboards.
• Excellent communication and influencing skills.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.