Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.
Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
This position is a cybersecurity controls assurance specialist on Vanguard’s Global Enterprise Security’s Governance, Risk, Compliance and Strategic Operations team. This position will be a key member within control assurance team responsible for leading testing efforts on Enterprise security and fraud controls documented against internal and external obligations.
Controls Analyst - II:
1. Act as control SME to lead design, documentation and assessment of ES&F controls against internal and external obligations/requirements.
2. Conduct the walkthroughs with control owners to assess the design and operational effectiveness of controls to ensure compliance with policies and regulatory requirements and maintain documentation of controls, test procedures and findings.
3. Collaborate with stakeholders such as ES&F team, controls owners to Identify control gaps and provide actionable recommendations.
4. Ensure security controls testing aligns with global regulatory frameworks such as NIST CSF, ISO 27002, and COBIT along with identifying improvement opportunities to automate controls, reduce testing time etc.
5. Participate in special projects such as GRC Modernization supporting automation of controls and implementation of continuous control monitoring applications to improve efficiency and quality of control testing
6. Provides consultation, facilitation and analytical support to ensure controls are properly aligned and implemented to ensure flawless service and compliance with all business partner expectations.
7. Consults with leadership on complex control-related issues. Educates and influences business partners on control design and effectiveness and recommends actions to increase effectiveness of those controls.
8. Develops effective working relationships throughout the subdivision & division. Collaborates with the department and management sharing best practices regarding key controls to influence and effectively communicate control solutions to all appropriate parties.
What it takes:
Minimum four to six years of relevant experience in conducting walkthroughs, planning and executing control testing/assurance.Experience developing and operating enterprise security and fraud controls.Knowledge of frameworks and standards (NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services cyber regulations.Professional certifications such as CRISC, CISSP, CISM, CISA, CIA, CPA, or others are preferred.Undergraduate degree or equivalent training and experience; a degree in Cyber Security or Computer Science is preferred.Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.