Key Responsibilities

Program Strategy & Leadership

• Own and execute the enterprise Security Awareness & Learning strategy aligned to the organizations overall cyber fraud and operational risk posture.

• Translate emerging threats regulatory expectations and industry intelligence into relevant actionable employee education.

• Lead and develop a highperforming security awareness and learning team. Develop and execute strong success metrics to measure team performance. Hires evaluates and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards reviews performance and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

Security Training and Education

• Support Design Expand and Iterate our enterprise education covering:

  • Cybersecurity fundamentals and secure behaviors

  • Identity and Access Management (e.g. credential protection MFA privileged access hygiene access certifications)

  • Physical security responsibilities (e.g. tailgating prevention badge security remote work considerations)

  • Fraud and social engineering threats (e.g. phishing vishing deepfakes insider risk indicators)

• Ensure training is rolebased and riskappropriate with enhanced content for higherrisk roles (e.g. executives customerfacing staff finance technology and help desk teams).

• Continuously refresh content based on emerging risks (e.g. phishing trends fraud patterns AIenabled social engineering).

• Partner with Cyber Threat Intelligence and Fraud teams to ensure consistency between awareness messaging and active threat conditions.

Phishing Social Engineering & Fraud Readiness

• Oversee phishing and social engineering preparedness programs including simulations and justintime education.

• Continuously identifying prioritizing and creating multi-channel awareness campaigns to mitigate top risks and emerging threats.

• Promote a security-minded culture reinforcing employee responsibility for identifying and escalating suspicious activity.

• Align employee education with fraud prevention frameworks and internal controls to reduce financial and reputational impact.

Exercises & Practical Readiness

• Partner with Cybersecurity Fraud and Business Continuity teams to integrate awareness outcomes into tabletop and simulated exercises in partnership with the Cyber Security Operations Center and the Red Team.

• Reinforce employee roles and expectations during cyber and fraud incidents ensuring learning translates into realworld response readiness.

Measurement & Continuous Improvement

• Define and track meaningful metrics beyond completion rates (e.g. behavior change reporting rates reduced susceptibility improved response times).

• Use data to adjust training frequency content focus and delivery methods.

• Provide regular executive reporting on program effectiveness trends and risk reduction.

Governance & Stakeholder Engagement

• Maintain alignment with regulatory expectations audit requirements and internal policy standards.

• Understand and implement controls and evidence processes that provide guardrails of assurance for policy integrity.

• Partner with HR and Compliance to ensure training is integrated into the employee lifecycle (onboarding role changes annual refresh).

• Represent the organization in industry forums and peer exchanges related to security awareness and culture.

Qualifications

Required

• Bachelors degree or equivalent experience in Information Security Risk Management Education or a related field

• Minimum five years related work experience with three years experience in IT security or application development. Supervisory experience preferred.

• Strong understanding of:

  • Cyber security principles and security operations functions

  • Identity and Access Management concepts

  • Fraud and social engineering tactics

  • Physical security responsibilities

• Proven ability to influence and engage at all levels of the organization including executives

• Strong written and verbal communication skills.

Preferred

• Demonstrated experience leading an enterprise security awareness or learning program or related security leadership experience preferably in financial services or a regulated industry

• Familiarity with financialservices regulatory expectations related to security training and awareness

• Certifications such as CISSP CISM CRISC Security or equivalent

• Experience with phishing simulation platforms learning management systems and awareness metrics

Success in This Role Looks Like

• Employees clearly understand their role in protecting the organization from cyber fraud and physical threats

• Security awareness is perceived as relevant timely and practical not checkthebox

• Measurable reductions in humanenabled risk

• Strong alignment with financialservices and technology peers and industry best practices

Special Factors

Sponsorship

About Vanguard

At Vanguard we dont just have a missionwere on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members designed to capture the benefits of enhanced flexibility while enabling in-person learning collaboration and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.