Governance, Risk & Compliance Analyst, Specialist
Vanguard · Dallas, TX · 2 days ago
HybridLegalFull-time
About the role
You will lead the modernization, rewriting, and ongoing management of cybersecurity policies and standards. You will develop clear, actionable, and audit-ready requirements that align to enterprise risk, regulatory, and control expectations while helping teams understand and comply with security governance requirements.
Responsibilities
- Develop and maintain enterprise security requirements
- Strengthen alignment between policies, controls, risks, and regulatory obligations
- Partner with stakeholders to deliver practical, audit-ready solutions
- Evaluate the effectiveness of application and system software, equipment, and related capabilities and performance characteristics
- Support the development and maintenance of a portfolio of global security and fraud policies and standards
- Maintain the lifecycle of the portfolio
- Oversee management and decisions related to methodology and policy for all Security and fraud functions
- Advise key stakeholders and security policy owners during policy and standards discussions
- Interface with clients on all inquiries related to Information and IT Security and fraud capabilities
- Support the development and maintenance of a portfolio of global security and fraud policies and standards
- Monitor and maintain the lifecycle of the portfolio
- Work with Compliance and Regional Security and Fraud teams to understand global regulatory requirements, develop global and regional policies and standards, and oversee implementation
- Interface with external regulators for Information and IT Security and Fraud
- Review and analyze current and proposed policy and standards directives and IT technical issues which may affect the implementation of Information Security and Fraud across the enterprise
- Recommend, develop, implement, and coordinate new security policies, standards, controls, and operating doctrine at all levels across the company
- Interpret policy relating to Vanguard information security and fraud functions and provide guidance, as required
- Define and implement automations to accelerate delivery and improve effectiveness
- Define and implement data-driven approaches and dashboards to predict risk issues, develop solutions, and partner with key owners and stakeholders
- Design, implement, and support modernized GRC process and tool capabilities
- Participate in special projects and perform other duties as assigned
Qualifications
- Seven years related work experience, Information Security or fraud experience required
- Undergraduate degree or equivalent combination of training and experience
- In-depth knowledge of relevant frameworks and standards (i.e., NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines, and considered an expert in the domain
- Demonstrated experience with GRC solutions platform and automation capabilities
- Excellent communication and influencing skills
- Influence key stakeholders and security policy and control owners
- Professional certification (CISSP, CISM, CompTIA, SANS, ISC2) preferred