Senior Technology Auditor, Security & Privacy
Financial integrity from the inside out
Are you a Security and Privacy IT professional looking for a change? Consider Internal Audit. We've got an IT Security and Privacy Senior Auditor opportunity open in Malvern, PA. You will work closely with IT partners to help identify and manage risks to our networks and applications and will be seen as a critical line of defense for our technical environment. This position includes both hands-on security testing and consulting on IT security, risk mitigation, and control improvements. Hands on security testing and assessment experience in areas such as network security, encryption, endpoint detection and response, intrusion detection and prevention is a plus. Security information and event management, password vaults, vulnerability management, secure baseline configuration, e-mail protection, and incident response is also a plus. You'll assess risks and effectiveness of controls based on your technical knowledge and experience.
In this role you will
- Conduct hands-on testing to manage and execute audit and advisory engagements within security and privacy domains. This complex work (including research, evaluation and analysis, testing and reporting) focuses on risk, governance, process, technology, controls, and operating practices of assigned engagements. Strong technical knowledge is key as these audits will focus on highly technical testing and systems analysis.
- Prepare and deliver high-quality internal work papers and deliverables such as process/control narratives, flowcharts, testing documentation, conclusions, recommendations, and audit report findings that will be shared with the audit team and clients.
- Identify opportunities to strengthen processes/controls and related remediation efforts and provide recommendations to business leaders.
- Cultivate mutually beneficial working relationships with business process owners and management in order to effectively discuss engagement progress and results. Participate in client discussions throughout the engagement and execution of audit and advisory work.
- Act as a mentor to less experienced auditors by coaching on internal audit processes and methodology, as well as business lines and supporting technology. Review other team members' work and encourage healthy debate and collaboration among the team.
- Strong IT security knowledge such as application security architecture, network security, data security administration, database security is preferred. Working experience and/or knowledge of web and mobile technology.
- Have working experience with common security risk frameworks, for instance, ISO 27000, NIST, and CIS Critical Security Controls.
Support decision-makers and financial futures
You'll communicate with various levels of management (department and client) to discuss engagement progress and results. You'll participate in client discussions throughout the engagement and execute audit and advisory work, including assessment of risk and effectiveness of controls based on relevant knowledge and experience.
What it takes
- Undergraduate degree in a business related field of concentration or equivalent combination of training and experience. Professional certification or advanced degree (MBA, CPA, CIA, CISSP, CCSP, CEH, CompTIA Security+, GSEC, CISA, etc.) is a plus.
- Two to four years general business experience required. Experience in audit, risk or controls (i.e. operational audits, financial statement audits, internal audits, advisory/consulting, controls/compliance/legal) preferred.
- Working knowledge of and demonstrated interest in the financial services industry.
- Demonstrated ability to function in fast paced, ambiguous environment working with multiple and diverse responsibilities.
- Strong conceptual thinking aptitude.
- Excellent time and project management and strong relationship management skills.
- Strong interpersonal skills, including: written and verbal communications, willingness to assist in areas outside of direct assignments when necessary, and commitment to self-improvement and completion of team objectives.
Vanguard is not offering visa sponsorship for this position.
We are Vanguard. Together, we're changing the way the world invests.
For us, investing doesn't just end in value. It starts with values. Because when you invest with courage, when you invest with clarity, and when you invest with care, you can get so much more in return. We invest with purpose - and that's how we've become a global market leader. Here, we grow by doing the right thing for the people we serve. And so can you.
We want to make success accessible to everyone. This is our opportunity. Let's make it count.
Vanguard's continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: "Do the right thing."
We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard's core purpose through our values.
When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose.
Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.
Back to top