Senior Cloud Security Architect, IAM Cloud

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Core Responsibilities

• Define and evolve cloud IAM architecture across authentication, authorization, federation, and identity governance.
• Own and drive the enterprise cloud IAM strategy, including modern authentication, non-human identities, and emerging AI use cases.
• Lead cloud security architecture reviews and influence engineering roadmaps toward secure, scalable outcomes.
• Design and implement cloud-native IAM patterns, including least privilege, policy-as-code, workload identity, conditional access, and service-to-service authentication.
• Establish and enforce IAM guardrails for Infrastructure as Code (IaC) using automated policy controls.
• Streamline secure access workflows through standardized roles, self-service access, and efficient onboarding.
• Monitor and reduce identity-related risk (excessive permissions, misconfigurations, toxic access paths) and translate insights into architectural improvements.
• Define and align policy-driven privileged access controls across cloud platforms, applications, and CI/CD pipelines.
• Partner with cloud engineering, DevSecOps, security, and risk/compliance teams to ensure alignment with enterprise security and regulatory standards.

• 8+ years of experience in IAM, Cloud Security, Security Architecture, or related enterprise IT roles, including 3+ years as a technology/security architect
• Bachelor's degree or equivalent combination of education and experience
• Experience leading technical initiatives (people or matrix leadership)
• Multi-cloud IAM expertise (AWS, Azure, GCP, OCI)
• Background in regulated environments (financial services preferred) with exposure to SOX, SOC, GDPR, DORA
• Certifications preferred: CISSP (preferred), GSEC, CISM, CCSP, and/or cloud provider certifications