Vanguard Australia has been helping investors achieve their long-term financial goals for over 20 years. Serving institutional and individual clients, and financial advisers, we offer investment solutions that are low-cost, diversified and robust through time.
With more than AUD $10 trillion in assets under management, Vanguard is one of the world's largest global investment management companies. In Australia we partner with institutional clients, financial advisers and individual investors to offer low-cost investment solutions. Our comprehensive range of managed funds, exchange traded funds (ETFs) and tailored investment solutions is built to support long-term investment success for our clients.
Our Team & Opportunity
The Vanguard Security Architecture and Engineering team provides Security Architecture and Design services to local projects to ensure that controls are aligned to Vanguard and regulatory standards. The team also provides engineering and support to local projects and security teams to ensure that there is support and in-region coverage for these implementations.
To assess and document risks to Vanguard's systems (infrastructure, application, and third-party) by managing assessment plans and by performing security reviews and vulnerability testing of systems, architectures, and configurations. Provide guidance to asset owners and risk teams regarding the mitigation and acceptance of risks. Define technical security requirements.
What you will do
- Works with individual clients, including IT sub-divisions, third-party partners, and the business units, as the technical authority regarding security of business applications and systems, for the purpose of evaluating their effectiveness at meeting defined security requirements, determining integration requirements and identifying ramifications of their implementation on IT and business unit operations.
- Participates in identification of technical security solutions, and coordinates and leads adoption of new security initiatives and solutions.
- Maintains and manages the security assessment process; leads and participates in security assessment process improvements.
- Lead engagements with key business and technology stakeholders to capture business requirements and the technology landscape, and identify appropriate security principles, standards and guidelines, whilst ensuring that cyber security controls meet the business requirements for performance and effectiveness.
- Review proposed architecture/platforms, identify integration issues and ensure that they align to Vanguard standards
- Assess new technologies and their potential impacts on the existing security architecture and, where issues are identified, develop options to achieve project and architectural objectives
- Lead the development of security knowledge, patterns and expertise in the form of worked solutions to commonly encountered security problems
- Create and review security design documentation and work with project teams and enterprise architects to align to the security requirements and organizational risk appetite
- Ensure that the cyber security controls are effective and proportionate for the immediate and ongoing needs of the Vanguard organization
- Report security control deficiencies or gaps using appropriate enterprise risk management frameworks and processes
- Ensures the adequacy of existing information security controls, identifies potential and actual system vulnerabilities and recommends corrective measures. Identifies emerging strategic security needs and makes recommendations to resolve issues prior to their fruition.
- Evaluates Vanguard technical acquisitions, infrastructure and development processes to ensure that adequate security measures are established and maintained, according to established policies.
- Investigates complex potential or actual information security violations or incidents and identifies areas or issues requiring IT security-related research and development efforts. Conducts intense analyses and evaluation of technical and administrative security measures which may not have clear precedents.
- Evaluates security consulting resources, manages the relationship and performs periodic lessons learned with the security firms.
- Participates in special projects and performs other duties as assigned.
What are we looking for
- Undergraduate degree or equivalent combination of training or experience required. Graduate degree preferred.
- 10+ years technical experience in relevant technology implementation, e.g. application, infrastructure. Experience in IT security preferred.
- Strong understanding of identity standards (OAuth / OIDC) and identity products (Okta)
- Strong understanding of development pipelines
- Ability to obtain within 2 years one professional security certification such as ISC2 CISSP, GIAC Security
- Demonstrated excellent professional, communication, interpersonal, and influence skills.
- Experience mitigating technical security vulnerabilities preferred.
Vanguard's continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: "Do the right thing."
We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard's core purpose through our values.
When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose.
Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.