PitchMeAI
hackajob

Governance, Risk & Compliance Analyst, Specialist

hackajob · Malvern, PA

  • On site
  • Full-time
  • $100,000 / year
  • Malvern, PA

Job highlights

  • Lead GRC modernization and risk assessments.
  • Develop and scale forward-looking GRC programs.
  • Advise teams on compliance and security.
  • Utilize data-driven and automation strategies.
  • Collaborate with stakeholders on policy implementation.

About the role

About The Job

In this role, you will help deliver on our investment in GRC modernization. You will lead risk assessments, design and scale forward-looking governance, risk, and compliance programs, and serve as a trusted advisor who helps teams move faster and smarter while staying audit-ready and compliant. The Governance, Risk & Compliance Analyst, Specialist is a key member of Vanguard’s Global Enterprise Security’s Governance, Risk, Compliance (GRC) and Strategic Operations team. This position recommends, develops, implements, and monitors enterprise-wide information security policies, standards, and operational guidelines. It assesses the end-to-end integrated GRC framework of information security policies, standards, and operational control linkages to manage cyber security risks within tolerances, satisfy regulatory obligations, and address expanding requirements, with exceptional stakeholder experience. Data-driven approaches will be used to predict risk issues, develop solutions, and partner with key owners and stakeholders. Automation will be used to accelerate delivery and improve effectiveness.

Responsibilities

  • Works with Enterprise Security and Fraud subdivisions and business units as the technical authority regarding security of application and systems software, equipment, and related capabilities and performance characteristics to evaluate their effectiveness at meeting defined requirements, determining integration requirements and identifying ramifications on operations of their implementation.
  • Conducts security and fraud assessments, risk analyses and assesses contingency plans for to verify existence and effectiveness of safeguards.
  • Supports the development and maintenance of a portfolio of global security and fraud policies and standards. Monitors and maintains the lifecycle of the portfolio. Responsible for oversight of management and decisions related to methodology and policy for all Security and fraud functions.
  • Advises key stakeholders and security policy owners during policy and standards discussions.
  • Interfaces with clients on all inquiries related to Information and IT Security and fraud capabilities.
  • Works with Compliance and Regional Security and Fraud teams to understand global regulatory requirements, develop global and regional policies and standards, and oversee implementation.
  • Interfaces with external regulators for Information and IT Security and Fraud.
  • Reviews and analyzes current and proposed policy and standards directives and IT technical issues which may affect the implementation of Information Security and Fraud across the enterprise.
  • Recommends, develops, implements and coordinates new security policies, standards, controls and operating doctrine at all levels across the company. Interprets policy relating to Vanguard information security and frau functions and provides guidance, as required.
  • Defines and implements automations to accelerate delivery and improve effectiveness.
  • Defines and implements data-driven approaches and dashboards to predict risk issues, develop solutions, and partner with key owners and stakeholders.
  • Designs, implements and supports modernized GRC process and tool capabilities.
  • Participates in special projects and performs other duties as assigned.

Qualifications

  • Seven years related work experience, Information Security or fraud experience required.
  • Undergraduate degree or equivalent combination of training and experience. Computer Science degree preferred.
  • In-depth knowledge of relevant frameworks and standards (i.e., NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines, and considered an expert in the domain.
  • Demonstrated experience with GRC solutions platform and automation capabilities.
  • Excellent communication and influencing skills.
  • Influence key stakeholders and security policy and control owners.
  • Professional certification (CISSP, CISM, CompTIA, SANS, ISC2) preferred.

Special Factors

Sponsorship: Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.

Key skills/competency

  • Governance Risk and Compliance
  • Information Security
  • Risk Assessment
  • Policy Development
  • Regulatory Compliance
  • GRC Tools
  • Automation
  • Data Analysis
  • Stakeholder Management
  • Cyber Security Frameworks

Skills & topics

  • Governance
  • Risk
  • Compliance
  • Analyst
  • Specialist
  • Information Security
  • Cyber Security
  • GRC
  • NIST
  • ISO 27002
  • Vanguard
  • Policy Development
  • Risk Assessment
  • Automation

How to get hired

  • Tailor your resume: Highlight your 7+ years of Information Security or fraud experience, GRC frameworks knowledge, and certifications.
  • Showcase GRC expertise: Emphasize your experience with GRC platforms, automation, and data-driven approaches.
  • Demonstrate communication skills: Prepare examples of influencing stakeholders and advising on policies.
  • Understand Vanguard's mission: Align your application with Vanguard's commitment to client financial well-being.
  • Prepare for hybrid work: Be ready to discuss your adaptability to a hybrid work environment.

Technical preparation

Master NIST CSF, NIST 800-53, CIS Controls, ISO 27002.,Gain experience with GRC platforms and automation.,Understand financial services industry regulations.,Develop data-driven risk assessment skills.

Behavioral questions

Describe a complex risk assessment you led.,How do you influence stakeholders on policy changes?,Share an experience using automation in GRC.,How do you ensure audit readiness?

Frequently asked questions

What are the key responsibilities for a Governance Risk and Compliance Analyst Specialist at Vanguard?
As a Governance Risk and Compliance Analyst Specialist at Vanguard, you will be responsible for leading GRC modernization efforts, conducting risk assessments, developing and implementing enterprise-wide information security policies and standards, and advising stakeholders on compliance and security matters. You will also leverage data-driven approaches and automation to improve effectiveness and ensure audit readiness.
What qualifications are essential for the Governance Risk and Compliance Analyst Specialist role at Vanguard?
Vanguard seeks candidates with at least seven years of related work experience in Information Security or fraud. A strong understanding of frameworks like NIST CSF, NIST 800-53, CIS Controls, and ISO 27002, along with experience in financial services industry cyber regulations, is crucial. Experience with GRC solutions platforms and automation capabilities is also required. A Computer Science degree and relevant professional certifications are preferred.
Does Vanguard offer visa sponsorship for the Governance Risk and Compliance Analyst Specialist position?
No, Vanguard is not offering visa sponsorship for this particular Governance Risk and Compliance Analyst Specialist position.
What is Vanguard's approach to working arrangements for this role?
Vanguard has implemented a hybrid working model for the majority of its crew members. This model is designed to balance flexibility with in-person collaboration, learning, and connection, fostering a mission-driven and collaborative culture.
How can I demonstrate my suitability for the Governance Risk and Compliance Analyst Specialist role during the application process?
To demonstrate your suitability, tailor your resume to highlight your extensive experience in information security and GRC, specific knowledge of relevant frameworks and regulations, and any experience with GRC platforms and automation. Prepare to discuss your communication and influencing skills, and how you've successfully advised stakeholders on policy and compliance matters.
What kind of impact does the Governance Risk and Compliance Analyst Specialist have at Vanguard?
The Governance Risk and Compliance Analyst Specialist plays a vital role in ensuring Vanguard's information security and compliance frameworks are robust, up-to-date, and effective. Your work contributes directly to managing cyber security risks within tolerances, meeting regulatory obligations, and supporting the long-term financial well-being of Vanguard's clients through secure and compliant operations.