Technical Risk Assurance Analyst, Specialist

As a Technical Risk Assurance Analyst, Specialist, within Global Technology Operations (GTO) you will serve as a strategic consultant addressing governance, risk, and compliance efforts in a highly regulated environment. This role is critical for maintaining IT service compliance, managing risks, and supporting audit readiness to uphold operational resilience and stakeholder trust.

You must be able to comfortably engage with senior IT leaders to communicate complex compliance concepts in clear, relatable terms to empower teams to proactively manage risk.

This role demands a strong understanding of industry standards— with the ability to interpret and translate these into actionable recommendations to ensure alignment and adherence.

You should have over five years in GRC roles, strong IT and risk knowledge, analytical skills, project management capabilities, familiarity with GRC tools like Archer, and understanding of standards such as ISO 27001 and NIST. Relevant certifications like CISA, CISSP, or CRISC are highly desirable.

Responsibilities:

• Lead and conduct security assessments to measure the adequacy of existing information security controls. Identify potential and actual system vulnerabilities, integration requirement and ramifications, and emerging strategic security needs and recommends corrective measures.
• Coordinate reporting on information security risks and works with IT sub-divisions, third party partners, and business units in identifying the impact of technology implementations on IT and business unit operations.
• Lead and maintain the evaluation and assessment process of in determining security requirements for data systems, networks, or websites. Identify system issues and recommend technical security solutions. Coordinate and lead the adoption of new security initiatives and solutions.
• Lead technical support for assessments of assets, risks, and the implementation of appropriate data security procedures and products. Ensure security requirements are met during implementation.
• Ensure the adequacy of development, testing and implementation processes for security plans, risk assessments, products, and control techniques.
• Evaluate Vanguard technical acquisitions, infrastructure and development processes, and investigate complex potential or actual information security violations to ensure that adequate security measures are established and maintained, according to established policies.
• Lead and coordinate security assessment plans, participate in the security vulnerability mitigation and acceptance process, and assist with managing vendor relationships.
• Participate in special projects and perform other duties as assigned.

Qualifications:

• Minimum five years related work experience with three years experience in IT security or application development.
• Undergraduate degree in related field or equivalent combination of training and experience.
• Preferred security certification such as ISC2 CISSP, GIAC Security, Essentials Certification (GSEC), GIAC Penetration Tester Certification (GPEN), GIAC Web App Pen Tester (GWPN), or Certified Ethical Hacker (CEH)

Special Factors

Sponsorship

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.