Senior Identity & Access Management Risk Advisor

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities.

As the Senior Identity & Access Management Risk Advisor, you will play a pivotal role on a new team in Technology Risk focused on enhancing line 2 oversight of Vanguard’s Enterprise Security & Fraud services. In this role you will act as an independent challenger and advisor to the IAM organization and will influence critical initiatives, execute risk assessments, manage top risks, and ensure comprehensive controls exist while collaborating with other risk partners and business units across the global organization. This is a senior position that is dynamic, highly visible, and will allow you to deliver tangible value in enhancing our ability to protect clients as well as shape our new team’s strategy and vision.

An ideal candidate is well versed in modern identity management practices with the ability to effectively analyze on-the-horizon threats to drive agile risk management. Strong communication and written skills are required to influence senior decision makers. Candidates should have experience in domains such as authentication, authorization, privileged access management, credential/key management, cloud, and risk management.

Senior Identity & Access Management Risk Advisor:

• Provides risk guidance, oversight, and assurance services to enterprise and divisional partners based on the Vanguard's operational and strategic risk framework.
• Ensures the development and implementation of effective divisional risk controls.
• Provides expert level technical risk advice and direction across IAM capabilities.
• Leads and manages the efficiency and effectiveness of technical risk management within IAM.
• Sets measurable goals and examines ways to raise standards, to increase quality and to improve overall technical risk management efforts of the team.
• Measures departmental success in identifying and managing technical risk exposure and identifies and prioritizes existing and emerging risks and advises on appropriate control design and testing. Provides technical risk and architecture thought leadership and expertise.
• Leads and assists IAM in the development, implementation and management of short- and long-term technical risk management strategies in accordance with department goals and objectives, standard risk management policies and procedures, and the overall risk strategy.
• Works with IAM to mitigate risks and optimize process efficiency. Uses expert IT industry best practice knowledge to design effective controls and makes recommendations for developing new technical risk management strategies for the business.
• Provides consultation, facilitation and analytical support to the divisional management team as new products, services, processes and procedures are developed to ensure risk is properly mitigated. Identifies potential solutions and recommends development options.
• Develops and maintains strong relationships with enterprise and divisional clients to understand their ongoing risk needs.
• Acts as a thought partner to the business, and effectively persuades and influences others.
• Assesses the design of existing controls and make recommendations, leverages industry best practice for improvement as needed. 
• Understands the risk management framework and utilizes the core concepts when discussing risk exposures with the business.  
• Identifies and advises on opportunities for continuous quality improvement of technical standards, methodologies, and technologies.
• Participates in special projects and performs other duties as assigned.

What it takes:

• Experience with frameworks such as NIST, ISO 27001
• Experience with Internal Controls over Financial Reporting (ICFR), SOC1/2. SOX, GS007
• Experience with IAM and Security technologies such as SailPoint, Okta, modern PAM solutions
• Certificates in relevant domains (e.g. CISSP, CRISC, AWS, Azure, etc)
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• Minimum of eight years’ experience in IAM, Risk Management, Cybersecurity, or IT

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

We are Vanguard. Together, we’re changing the way the world invests.

For us, investing doesn’t just end in value. It starts with values. Because when you invest with courage, when you invest with clarity, and when you invest with care, you can get so much more in return. We invest with purpose – and that’s how we’ve become a global market leader. Here, we grow by doing the right thing for the people we serve. And so can you.

We want to make success accessible to everyone. This is our opportunity. Let’s make it count.

Inclusion Statement

Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.”

We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values.

When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose.

Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.