Global Security Controls & Compliance Lead
Charlotte, VT - USA
Job Summary
Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that, across Vanguard, leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent, expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource. By joining our team, you will build collaborative, long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Job Description
Core Responsibilities
- Acts as the enterprise authority for physical security control governance, providing interpretation, oversight, and subject-matter expertise for regulatory and assurance requirements, including Sarbanes-Oxley, SOC 1, SOC 2, SEC Regulation S-P, FINRA, GDPR, GS007, California Privacy, and related frameworks, as applicable to physical security.
- Owns the development, maintenance, and governance of the global physical security controls framework, including associated policies, standards, and control documentation, ensuring consistency, auditability, and global applicability.
- Provides authoritative guidance to physical security control owners during policy, standards, and control design discussions, ensuring regulatory intent is accurately translated into operationally feasible physical security requirements.
- Serves as the primary interface for internal and external inquiries related to physical security controls, including questions from Compliance, Risk, Audit, and business partners.
- Partners with Compliance, Audit, and Regional Security teams to interpret global regulatory requirements, develop enterprise physical security control policies and standards, and oversee consistent implementation across regions. Provides input and documentation to the Head of Governance for regulator and examiner interactions related to physical security.
- Advises on and reviews physical security risk assessments, control testing, and contingency planning for facilities, critical infrastructure, telecommunications capabilities, and other high-risk assets (people, places, and processes) to validate the existence and effectiveness of safeguards.
- Reviews and evaluates current and proposed policies, standards, and technical initiatives to assess their impact on enterprise physical security control effectiveness, regulatory alignment, and operational consistency.
- Leads the development, implementation, and coordination of physical security controls, policies, standards, procedures, and operating doctrine, interpreting enterprise policy requirements and providing clear guidance to security and business stakeholders.
- Supports responses to due-diligence activities, including RFPs, client inquiries, and assurance questionnaires, by providing accurate descriptions of physical security controls, governance practices, and oversight mechanisms.
- Participates in enterprise and security-led initiatives that require physical security governance expertise and performs related duties consistent with the role's scope and authority.
- Enforce compliance with this Enterprise Data Governance Policy and associated standard(s) within their respective domains.
- Maintain metadata for critical data, including, but not limited to, documentation of approved Authoritative Data Sources.
Qualifications
- Five years of related work experience in security, audit, or security controls.
- Bachelor's degree or equivalent combination of education and experience; degrees in security management, risk management, or related disciplines preferred.
- Demonstrated experience translating regulatory and assurance requirements into physical security controls and governance artifacts.
- Change management or governance-related certifications (e.g., Prosci, ISO, ASIS) preferred, as appropriate to role scope.
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission; we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.
About Company
Search the latest roles and opportunities at Vanguard. Apply today to join our industry-leading crew.