Senior Manager, Governance, Risk & Compliance

The Senior Manager, Governance, Risk & Compliance is a key leadership position in Vanguard's Global Enterprise Security's Governance, Risk, Compliance (GRC) and Strategic Operations team. This position leads a team which oversees, recommends, develops, implements, and monitors enterprise-wide information security policies, procedures, and operational guidelines. It sets the departmental Enterprise Security and Fraud GRC vision and develops strategies in alignment with the overall mission. Modernize integrated GRC framework to align with evolving risks, technological advancements, business priorities, and regulatory obligations.

Core Responsibilities

• Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.
• Defines and executes the vision, strategy, and roadmap for GRC to support the overall cybersecurity and fraud risk objectives and priorities.
• Oversees partnerships with Enterprise Security and Fraud subdivisions and Vanguard business units regarding security of application and systems software, equipment, and related capabilities and performance characteristics to evaluate their effectiveness at meeting defined security requirements. Defines integration requirements and identifies ramifications on Security and Fraud, IT and business unit operations of their implementation.
• Develops and maintains a comprehensive portfolio of global security policies and standards. Oversees and manages the entire lifecycle of the portfolio, ensuring alignment with organizational goals and regulatory requirements. Responsible for governance and decision-making related to methodology and policy for all security and fraud functions.
• Influences key stakeholders and security policy owners during policy discussions. Interfaces with clients on all inquiries related to Information and IT Security capabilities, bringing in technical experts as client situations demand. Responsible for review and approval of all RFP responses related to security.
• Leads the modernization initiative to update a cohesive GRC framework, aimed at simplifying, upgrading, and creating clear visibility for policies, standards, controls, and taxonomy. Ensures alignment with risk management and compliance obligations at both enterprise and regional levels.
• Develops automations and data driven insights from to drive effective operations and risk reduction.
• Briefs leadership on the state of cybersecurity and Fraud GRC to provide insights into trends and impact of strategic business, technology, and cybersecurity investments.
• Works with Compliance and Regional Security and fraud teams to understand global regulatory requirements for security, develop global Security and Fraud policies and standards, and oversee implementation. Interfaces with external regulators for Security and Fraud.
• Leads the development and maintenance of the Security and Fraud organization's key risk indicators and key performance indicators in partnership with Line 2 risk management.
• Participates in special projects and performs other duties as assigned.

• Minimum of ten years related work experience.
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• Proven leadership experience leading global cross-functional teams.
• Demonstrated experience setting vision, strategy, and modernization service capabilities.
• In-depth knowledge of relevant frameworks and control standards (i.e., NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines, and considered an expert in the domain.
• Proficient in developing effective cybersecurity GRC OKRs and risk-based controls dashboards.
• Excellent communication and influencing skills.
• Influence key stakeholders and security policy and control owners.
• Professional certification (CISSP, CISM, CompTIA, SANS, ISC2) preferred.