Senior Security Assurance Specialist

The Security Assurance Specialist III leads the endtoend coordination and execution of application and infrastructure security risk assessments ensuring consistenttimely and highquality identification of cybersecurity risks and vulnerabilities. The role partners closelyacrosscybersecurityIT engineering teams and business stakeholders to enable effective riskand vulnerabilitymanagement across the enterprise.

Acting as the centralassessmentorchestrationfunction the specialist manages assessment intake prioritization scheduling documentation execution tracking reporting andvulnerabilityworkflow oversight. The role blends deep cybersecurity riskexpertisewith strong program and project management disciplineleveragingAgile and Scrumbased practices to meet defined SLAs quality standards and reporting expectations.

The Security Assurance Specialist IIIprovidesexpertlevel technical guidance in evaluating and strengthening the security posture of Vanguards systems architectures and configurations. This role coordinates and leads comprehensive security assessmentsvalidatesrisk findings and supports remediation strategies across critical business applications infrastructure networks and web platforms. Through close collaboration with technology and business partners the specialist influences secure solution design drives strategic security improvements and supports the continuous maturation of Vanguards security capabilities.

**this Hybrid Role (in office Tues-Wed-Thurs) is based in Charlotte NC Dallas TX or Malvern PA**

Key Responsibilities:

• Provideprogrammatic support and coordinationfor application and infrastructure security assessments.
• Own and manage theassessment lifecyclefrom intake through final reporting and closure.
• Coordinateassessment schedulingacross multiple concurrent engagements balancing priorities dependencies and resource availability.
• Partner with application teams infrastructure owners and product stakeholders togather preassessment information technical documentation architecture diagrams and required artifacts.
• Ensure assessment scope assumptions and prerequisites are clearly defined andvalidatedprior to execution.
• Engage and coordinateassessmentresources acrosscybersecurity and relevantIT divisions(e.g. engineering infrastructure cloud platform teams).
• Act as the primarypoint of coordinationbetween assessment teams and technology stakeholders to resolve scheduling conflicts clarify requirements and manage expectations.
• Facilitate effective communication across technical and nontechnical audiences ensuring transparency of status risks and dependencies.
• Escalate risks delays or resource constraints ina timelyand structured manner.
• Ensureaccurateandtimelytracking of assessment activities milestones and deliverablesleveraging enterprise toolsets and applications.
• Maintain high data quality standards forassessmentrecords findings vulnerabilities and workflow states in assessment and vulnerability tracking platforms.
• Coordinate thepublication of draft and final assessment reports ensuringappropriate reviewcycles approvals and distribution to stakeholders.
• Support auditready documentation and traceability across assessments findings and risk decisions.
• Support thecollection review and routing of identified vulnerabilitiesthrough defined remediation exception or riskacceptanceworkflows.
• Coordinate vulnerability review and acceptance processes with technology owners risk stakeholders and governance bodies.
• Ensure vulnerabilities are properly documented tracked and dispositioned in alignment with enterprise risk standards and timelines.
• Monitor remediation progress and support reporting on overdue atrisk or escalated items.
• Support thecollection analysis and reporting of assessment program metrics including throughput cycle time backlog and SLA adherence.
• Produce regular operational and management reporting to support capacity planning prioritization and performance transparency.
• Identifytrends bottlenecks and improvement opportunities across theassessmentlifecycle.
• Contribute to the continuous improvement of assessment processes tooling templates and operating procedures.
• Applyprogram and projectmanagementbest practicesto manage complex multiworkstream assessment activities.
• Maintainassessmentroadmaps intake queues and execution plans aligned to business and technology priorities.
• LeverageAgile and Scrumstyle practiceswhereappropriate including backlog management sprint planning standups retrospectives and dependency tracking.
• Act as aScrum Masterlike facilitatorforassessmentdelivery removing impediments and enabling teams tooperateefficiently.
• Support change management stakeholder communications and readiness activities for evolving assessment methodologies or tooling.

Education & Experience:

Bachelors degree in Information Security Information Technology Risk Management ora relatedfield (or equivalent experience).

5 years of experience incybersecurity IT risk management GRC or security assessment coordinationroles.

Demonstrated experience coordinatingapplication and/or infrastructure security assessmentsin large regulated or complex environments.

Handson experience withGRC platforms preferablyRSA Archer including assessment tracking findings management and workflow.

Strong understanding of cybersecurity risk concepts vulnerabilities and control assessment practices.

Preferred Qualifications & Certifications:

Experience working withNIST CSF NIST 80053 ISO 27001 CIS Controls or similar frameworks.

Program or project management certifications (PMPPgMP PRINCE2) orAgile/Scrum certifications(CSMSAFe PMIACP).

Familiarity with vulnerability management remediation tracking and risk acceptance processes.

Experience supporting metrics dashboards and SLAdriven operational reporting.

Key Skills & Competencies:

Program & Project Management:Planning prioritization dependency management and delivery execution.

Agile / Scrum Facilitation:Backlog managementimpedimentremoval team coordination.

Stakeholder Management:Ability to influence and coordinate across security IT and business teams.

Operational Rigor:Attention to detail documentation quality and audit readiness.

Communication:Clear concise communication of technical risk information to varied audiences.

Process Improvement:Continuous improvement mindset with the ability to standardize and scale operations.

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.