Global Security Controls & Compliance Lead

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

• Acts as the enterprise authority for physical security control governance, providing interpretation, oversight, and subject-matter expertise for regulatory and assurance requirements including Sarbanes-Oxley, SOC 1, SOC 2, SEC Regulation S-P, FINRA, GDPR, GS007, California Privacy, and related frameworks, as applicable to physical security.
• Owns the development, maintenance, and governance of the global physical security controls framework, including associated policies, standards, and control documentation, ensuring consistency, auditability, and global applicability.
• Provides authoritative guidance to physical security control owners during policy, standards, and control design discussions, ensuring regulatory intent is accurately translated into operationally feasible physical security requirements.
• Serves as the primary interface for internal and external inquiries related to physical security controls, including questions from Compliance, Risk, Audit, and business partners.
• Partners with Compliance, Audit, and Regional Security teams to interpret global regulatory requirements, develop enterprise physical security control policies and standards, and oversee consistent implementation across regions. Provides input and documentation to the Head of Governance for regulator and examiner interactions related to physical security.
• Advises on and reviews physical security risk assessments, control testing, and contingency planning for facilities, critical infrastructure, telecommunications capabilities, and other high-risk assets (people, places, and processes) to validate the existence and effectiveness of safeguards.
• Reviews and evaluates current and proposed policies, standards, and technical initiatives to assess their impact on enterprise physical security control effectiveness, regulatory alignment, and operational consistency.
• Leads the development, implementation, and coordination of physical security controls policies, standards, procedures, and operating doctrine, interpreting enterprise policy requirements and providing clear guidance to security and business stakeholders.
• Supports responses to due-diligence activities, including RFPs, client inquiries, and assurance questionnaires, by providing accurate descriptions of physical security controls, governance practices, and oversight mechanisms.
• Participates in enterprise and security-led initiatives that require physical security governance expertise and performs related duties consistent with the role's scope and authority.
• Enforce compliance with this Enterprise Data Governance Policy and associated standard(s) within their respective domains.
• Maintain metadata for critical data including but not limited to documentation of approved Authoritative Data Sources.

• Five+ related work experience in security audit or security controls.
• Bachelor's degree or equivalent combination of education and experience; degrees in security management, risk management, or related disciplines preferred.
• Demonstrated experience translating regulatory and assurance requirements into physical security controls and governance artifacts.
• Change management or governance-related certifications (e.g., Prosci, ISO, ASIS) preferred, as appropriate to role scope.