Senior Manager, Continuous Controls Monitoring and Assurance

Malvern, PA, United States


Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that leaders and crew across Vanguard drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

The Senior Manager, Cybersecurity Continuous Controls Monitoring and Assurance is a key leadership member of Vanguard’s Global Enterprise Security’s Governance, Risk, Compliance and Strategic Operations team. This position will oversee a team responsible for continuous controls monitoring and assurance to safeguard information and assets. The scope of this role is to assess adherence to information security policies, procedures, and operational controls to manage cyber security risks within tolerances, satisfy regulatory obligations, and address expanding controls testing requirements, with exceptional stakeholder experience. Data-driven approaches will be used to predict risk issues, develop solutions, and partner with key control owners and stakeholders.

Position Summary includes:

  • Leads team of controls and assurance testers and analysts. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.
  • Defines and executes the vision, strategy, and roadmap for continuous monitoring and assurance of cybersecurity and fraud controls to support the overall risk objectives and priorities.
  • Develops automations and data-driven insights from automations, measurement, and appropriate scoring algorithms.
  • Ensures the development and implementation of the internal control framework, leads complex control identification, design, implementation, testing, and reporting.
  • Implements and manages continuous monitoring solutions and automations to reduce time to risk discovery and reduce testing cycle time.
  • Leads the identification and resolution of complex control gaps and ensures effective design, implementation, and operation of controls across divisions and regions. Identifies and implements actions to increase effectiveness and reduce friction.
  • Briefs leadership on the state of critical cybersecurity and fraud controls including providing insights into trends and impact of strategic business, technology, and cybersecurity investments.
  • Owns relationships with key internal and external stakeholders. Drives strategic alignment between cybersecurity and technology teams, control owners, and risk leads.

Core Responsibilities

1. Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

2. Develops and leads security assessments to measure the adequacy of existing information security controls. Identifies and advises on potential and actual system vulnerabilities, integration requirements and ramifications, and emerging strategic security needs and recommends corrective measures.

3. Leads and oversees reporting on information security risks and works with IT sub-divisions, third party partners, and business units in identifying the impact of technology implementation on IT and business unit operations.

4. Leads and maintains the evaluation and assessment process of security requirements for data systems, networks, or websites. Leads identification of enterprise technical security solutions, and coordinates and leads adoption of new security initiatives and solutions.

5. Leads the team in developing and defining best practices for assessments of assets, risks, and the implementation of appropriate data security procedures and products to ensure security requirements are met. Determines integration requirements, oversees the maintenance of security standards documents with feedback from relevant security and technology teams, identifies security gaps, and evaluates and implements enhancements.

6. Validates functionality and effectiveness of development, testing and implementation processes for security plans, risk assessments, products, and control techniques. Conducts system security and vulnerability analyses and risk assessments.

7. Leads the evaluation of Vanguard technical acquisitions, infrastructure and development processes, and investigates complex potential or actual information security violations to ensure that adequate security measures are established and maintained, according to established policies.

8. Leads, develops, and oversees security assessment plans, participates in the security vulnerability mitigation and acceptance process, and manages vendor relationships.

9. Acts as an industry expert in emerging security practices and standards. Maintains expert knowledge of industry policies and trends.

10. Participates in special projects and performs other duties as assigned.

Qualifications

  • Minimum twelve years related work experience and five years of management experience. Experience in cybersecurity is required.
  • Undergraduate degree in related field or equivalent combination of training and experience.
  • One or more of CISSP, CISM, CISA, CIA, CPA, or other relevant certifications required as per the role.
  • Proven leadership experience leading global cross-functional teams.
  • Demonstrated experience building and running automation and monitoring of cybersecurity controls for high volume transaction processing such as in the Banking industry.
  • In-depth knowledge of relevant frameworks and control standards (i.e. NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines, and considered an expert in the domain.
  • Proficient in developing effective cybersecurity GRC OKRs and risk-based controls dashboards.
  • Excellent communication and influencing skills.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

Category: Leadership Jobs

Tags: Automation Banking CIA CISA CISM CISSP Compliance Governance ISO 27002 Monitoring NIST NIST 800-53 OKR Risk assessment Security assessment Strategy Vulnerabilities

Perks/benefits: Career development Health care Wellness

Region: North America
Country: United States
