Risk Specialist(Cyber)

About Vanguard

More than 45 years ago John C. Bogle had a vision to start an investment company that did things differently. A company with no external shareholders. Where all the profits were invested back into the business and used to lower costs.Evidently itwas as bold as it was brilliant. To this day Vanguard Group still has no external shareholders. That means no share prices to protect and no profits to generate for outside owners.

Today Vanguard is one of the worlds largest investment management companies serving more than50 million investorsworldwide. For more than 25 years Vanguard Australia has been supporting individual investors financial advisers and superannuation members to achieve their long-term financial goals.

As a Risk Specialist (Cyber) for Vanguard Australia (VIA) you will play a critical role in strengthening the organisations cyber risk management framework and secondline oversight of Enterprise Security & Fraud (ES&F). In this independent advisory function you will lead endtoend risk assessments drive the identification and management of key cyber risks and ensure that effective controls and governance practices are in place. Youll work closely with global partners to provide insight escalate emerging threats and guide decisionmakers toward sound riskmitigation strategies. This highly visible role directly contributes to safeguarding our clients and shaping the future direction of our risk posture and operational resilience.

Wereseeking a candidate with strong risk managementexpertiseand broad cyber experience in areas such asDevSecOps Vulnerability Management Application Security Third-Party Security GRC and Security Awareness. Prior experience withAPRA regulations particularly CPS 234 is.

Core Responsibilities

• Provideindependent risk guidance oversight and assurance to divisional partners in line with Vanguards operational and strategic risk framework

• Lead and enhance technical cyber risk management practices within VIA setting measurable goals and driving continuous improvement

• Conduct and review cyber risk assessmentsidentifyand prioritize emerging risks and advise on control design testing and remediation

• Support the development and implementation of short- and long-term cyber risk strategies aligned with departmentalobjectivesand regulatory requirements

• Build strong relationships with divisions acting as a trusted advisor and influencing risk-aware decision-making

• Participate in special projects and contribute to enterprise-wide risk initiatives asrequired

Qualifications

• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

• Minimum of fiveyears experiencein Risk Management or Cybersecurity

• Certificates in relevant domains (e.g. CISSP CRISC AWS Azure etc)

• Familiarity with relevant frameworks (i.e. NIST CSF ISO 27001)

Inclusion Statement

Vanguards continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients crew (internally employees are referred to as crew) and communities is guided by one simple statement: Do the right thing.

We believe that a critical aspect of doing the right thing requires building diverse inclusive and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguards core purpose through our values.

When all crew members feel valued and included our ability to collaborate and innovate is amplified and we are united in delivering on Vanguards core purpose.

Our core purpose: To take a stand for all investors to treat them fairly and to give them the best chance for investment success.