Senior Manager, Business Information Security Officer

Malvern, PA - USA

Monthly Salary: Not Disclosed

Posted on: 07-11-2025

Vacancies: 1 Vacancy

Job Summary

The BISO (Business Information Security Officer) Program serves as a trusted liaison between security and risk organizations and the business on cyber security and fraud matters. The BISO program leader is responsible for overseeing the program and driving key program initiatives. Evolving BISO program maturity enhancing program operational efficiency and serving as a cross-functional advisor for business risk and security are some of the key expectations of the BISO program leader.

The BISO program leader manages and provides subject matter expertise to address security issues within multiple or complex assigned business units. Manages key assets and processes identify and evaluate risks and controls and suggest and implement risk mitigation strategies.

The BISO program is part of the larger Secure Business Enablement team in Vanguards security organization. Secure Business Enablement (SBE) supports Vanguard through enabling security functions across enterprise programs and projects providing actionable insights to drive risk-focused strategic priorities and stewarding a security and risk minded culture.

Core Responsibilities

Manages a team in providing consulting services to the business to engage with and deliver security services. Builds and maintains strategic relationships within the business and security teams to ensure strategic initiatives are met.
Ensures security risk management practices are embedded into key business processes. Enables security risk reduction by working collaboratively with business partners and security programs to identify prioritize and mitigate security risks.
Advises coordinates and reports on the security risk posture security culture controls and assessments of the business. Communicates and presents relevant security metrics dashboards and executive reports to senior management.
Defines and develops security goals scenarios and selects use cases to develop acceptable parameters of security risks or guardrails. Recommends changes to processes software systems and platforms based uponsecurity risk.
Coordinates enterprise security policies and communications. Gathers business participants input implements changes to policies and advises the business on policy changes.
Discusses security trends with security specialists from other institutions and peer organizations.
Provides thought leadership for the evolution of the business information security program.
Participates in special projects and performs other duties as assigned.

Qualifications

Experience and Education: Minimum of eight years related work experience with three years of in Security and Compliance required. Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
Security Certifications: CISSP and/or CISM required within one year.
Strategic Program Leadership: Proven experience developing and scaling a BISO program or similar business-aligned security initiative. Ability to design implement and evolve a BISO program that aligns with business goals and drives security maturity.
Risk & Compliance Expertise: Deep understanding of risk management frameworks regulatory requirements (e.g. SOX HIPAA GDPR) and control environments.
Business Acumen: Strong grasp of business operations and the ability to translate security needs into business-relevant strategies.
Security Frameworks & Technologies: Familiarity with NIST CSF ISO 27001 CIS Controls and enterprise security tools (SIEM DLP IAM etc.). Familiarity with Artificial Intelligence security concepts and controls preferred.
Governance & Metrics: Experience establishing governance structures maturity models and performance indicators to measure program effectiveness.
Communication & Influence: Exceptional ability to engage and influence senior leadership communicate complex security concepts and drive cultural change.
Project & Resource Management: Skilled in managing budgets resources and cross-functional teams to deliver strategic initiatives.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

Required Experience:

Senior Manager

Core Responsibilities

Manages a team in providing consulting services to the business to engage with and deliver security services. Builds and maintains strategic relationships within the business and security teams to ensure strategic initiatives are met.
Ensures security risk management practices are embedded into key business processes. Enables security risk reduction by working collaboratively with business partners and security programs to identify prioritize and mitigate security risks.
Advises coordinates and reports on the security risk posture security culture controls and assessments of the business. Communicates and presents relevant security metrics dashboards and executive reports to senior management.
Defines and develops security goals scenarios and selects use cases to develop acceptable parameters of security risks or guardrails. Recommends changes to processes software systems and platforms based uponsecurity risk.
Coordinates enterprise security policies and communications. Gathers business participants input implements changes to policies and advises the business on policy changes.
Discusses security trends with security specialists from other institutions and peer organizations.
Provides thought leadership for the evolution of the business information security program.
Participates in special projects and performs other duties as assigned.

Qualifications

Experience and Education: Minimum of eight years related work experience with three years of in Security and Compliance required. Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
Security Certifications: CISSP and/or CISM required within one year.
Strategic Program Leadership: Proven experience developing and scaling a BISO program or similar business-aligned security initiative. Ability to design implement and evolve a BISO program that aligns with business goals and drives security maturity.
Risk & Compliance Expertise: Deep understanding of risk management frameworks regulatory requirements (e.g. SOX HIPAA GDPR) and control environments.
Business Acumen: Strong grasp of business operations and the ability to translate security needs into business-relevant strategies.
Security Frameworks & Technologies: Familiarity with NIST CSF ISO 27001 CIS Controls and enterprise security tools (SIEM DLP IAM etc.). Familiarity with Artificial Intelligence security concepts and controls preferred.
Governance & Metrics: Experience establishing governance structures maturity models and performance indicators to measure program effectiveness.
Communication & Influence: Exceptional ability to engage and influence senior leadership communicate complex security concepts and drive cultural change.
Project & Resource Management: Skilled in managing budgets resources and cross-functional teams to deliver strategic initiatives.