Director of Security Assurance

Vanguard, one of the world's largest investment management companies and a recognized employer of choice, seeks a Director of Security Assurance to lead, direct, and manage a team that is responsible for ensuring that Vanguard's IT systems and computing infrastructure are securely designed, architected, implemented, and managed.

1. Manages and engages staff. Provides guidance, training and motivation as necessary to develop staff. Hires, evaluates and counsels crew. Follows corporate disciplinary procedures per established Vanguard standards as required. Sets performance standards, reviews performance, provides feedback, and recommends wage increases in accordance with all applicable Human Resources policies and procedures.

2. Works with all IT sub-divisions as the technical authority regarding internal security controls of application and systems software, equipment, and related capabilities and performance characteristics; evaluates their effectiveness at meeting defined control objectives, determining remediation requirements and identifying impact on IT and business unit operations.

3. Advises all level of IT management and development/operations teams on key security controls needed within the organization specific to configuration management, networking, database management, application coding, availability, data center operations, etc. Responsible for ensuring a balance between operational and control needs.

4. Works in partnership with technology teams to understand and review system requirements to ensure that appropriate security controls are identified for new systems under development. Recommends and develops new security solutions, and/or modifies existing workflows and processes. Creates remediation plans and make appropriate updates to IT policies/procedures.

5. Leads the identification, assessment, mitigation, monitoring and reporting of security risks throughout IT. Develops and presents security assessment reports to management, highlighting findings, trends, and level of exposure including presentations to the Information Security Steering Committee & Divisional Staff Meetings as needed.

6. Acts as a key stakeholder in the various IT Governance teams where appropriate.

7. Establishes and maintains effective working relationships with department, division and executive management.

8. Develops and presents security assessment reports to management, highlighting findings, trends, and level of exposure.

9. Leads cross functional teams to address critical security risks to the business. Ensures that security risk related issues are appropriate being addressed within the IT environment by collaborating with key partners to include other ITSO teams, Legal, Fraud, Information Security, compliance, Contingency and Audit.

10. Directs and manages a significant security consulting budget and manages the vendor relationship with leading outside expert security consulting firms.

11. Participates in special projects and performs other duties as assigned.


  • 3+ years of experience with Application Security & Application Penetration Testing
  • Strong understanding of the variety of application development architectures, platforms, methodologies, and supporting operations.
  • Familiarity or experience with CI/CD
  • Familiarity with tools such as Veracode, BlackDuck, Sona Type and Fortify
  • An undergraduate degree in IT or related discipline, or an equivalent combination of education and experience.
  • Industry certifications (CISSP, SANS GSEC, GPEN, GWAPT, GWEB, OSCP, CASS, etc.) preferable.
  • Minimum of eight to ten years' broad senior technical, operations, or applications experience. Financial services industry experience, preferred.
  • Comprehensive understanding of the major underlying technologies used by SI and/or Technology Operations to deliver technology solutions
  • Previous hands on experience as a technical lead and architect focusing on security preferred.
  • Previous experience as a Project Manager/Line Manager preferred.
  • Excellent leadership, interpersonal, verbal and written communication, presentation, and problem solving skills.
  • Excellent knowledge of risk analysis, application and system software (including security software and hardware), related capabilities, and performance characteristics.
  • Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
  • Excellent understanding of technical security safeguards.
  • Strong IT experience related to software development and/or technical operations.
  • Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
  • Strong influencing skills to include negotiation, problem solving and conflict resolution.
  • Strong project management and people management skills.
  • Solid analytical skills and understanding of processes, technology and operational concepts.
  • Ability to interact effectively at all levels of personnel.

Vanguard is not offering visa sponsorship for this position.

Meet Some of Vanguard's Employees

Claire O.

Brokerage Investment Professional, Malvern, PA

Claire ensures that Vanguard clients have all the important and necessary industry information in order to make the best decisions for their personal investments.

Mohammad S.


Mohammad helps build digital website tools that answer important questions for company clients in an effort to eliminate lengthy phone calls for easily answerable questions.

Back to top