Controls Management, Specialist

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

The Controls Management, Specialist will recommend, develop, implement, and monitor enterprise-wide information security policies, procedures, and operational guidelines. Researches and develops solutions for information security issues and promotes information security awareness.

This position is a senior cybersecurity continuous controls monitoring and assurance specialist on Vanguard's Global Enterprise Security's Governance, Risk, Compliance and Strategic Operations team. This position will drive proactive risk-based continuous monitoring to cost effectively scale operations to meet expanding security, regulatory, client and business requirements.

Position Summary includes:

• Delivers the cybersecurity continuous controls monitoring and assurance roadmap and capabilities to enable cybersecurity and fraud risk objectives and priorities.
• Builds and implements solutions to reduce time to risk discovery and testing cycle time.
• Develops automations and data driven insights from automations, measurement, and appropriate scoring algorithms.
• Modernizes the internal control framework and leads complex control identification, design, implementation, testing, and reporting.
• Leads the identification and resolution of complex control gaps and ensures effective design, implementation, and operation of controls across divisions and regions.
• Identifies and implements actions to increase effectiveness and reduce friction

Controls Management, Specialist:

1. Act as primary control domain expert aligned to business areas such as cash application to support design, documentation and assessment of Enterprise security and fraud controls.

2. Assess the design and operational effectiveness of controls to ensure compliance with policies and regulatory requirements with robust documentation of controls, test procedures and findings.

3. Collaborate with stakeholders such as ES&F team, business process owners and controls owners to Identify control gaps and provide actionable recommendations.

4. Ensure security controls testing aligns with global regulatory frameworks such as NIST CSF, ISO 27002, and COBIT along with identifying improvement opportunities to automate controls, reduce testing time etc.

5. Participate in special projects such as GRC Modernization and perform other assigned duties within control assurance team.

6. Advises key stakeholders and security policy owners during policy discussions. Interfaces with clients on all inquiries related to Information and ES&F Security capabilities.

7. Works with Compliance and Regional Security teams to understand global regulatory requirements for security, develop global Security policies and standards, and oversee implementation. Interfaces with external regulators for Information and IT Security.

8. Recommends, develops, implements and coordinates new security policies, standards, procedures and operating doctrine at all levels across the company. Interprets policy relating to Vanguard information security functions and provides guidance, as required.

What it takes:

• Minimum six years of relevant experience in conducting walkthroughs, planning and executing control testing/assurance within a financial services organization.
• Undergraduate degree or equivalent combination of training and experience. Cyber Security or Computer Science degree preferred.
• Demonstrated experience building and running automation and monitoring of cybersecurity controls for high volume transaction processing such as in the financial services.
• In-depth knowledge of relevant frameworks and control standards (i.e. NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines and considered an expert in the domain.
• One or more of CISSP, CISM, CISA, CIA, CPA, or other relevant certifications required is preferred.

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

Client-provided location(s): Malvern, PA

Job ID: Vanguard-170171

Employment Type: FULL_TIME

Posted: 2025-08-22T20:23:37