Cyber and Fraud Risk Specialist

Cyber and Fraud Risk Specialist at Vanguard

More than 45 years ago, John C. Bogle had a vision to start an investment company that did things differently. A company with no external shareholders. Where all the profits were invested back into the business and used to lower costs. Evidently, it was as bold as it was brilliant. To this day, Vanguard Group still has no external shareholders. That means no share prices to protect, and no profits to generate for outside owners.

Today, Vanguard is one of the world’s largest investment management companies, serving more than 50 million investors worldwide. For more than 25 years Vanguard Australia has been supporting individual investors, financial advisers, and superannuation members to achieve their long-term financial goals.

As Cyber and Fraud Risk Specialist for Vanguard Australia (VIA), you will strengthen second-line oversight of Enterprise Security & Fraud (ES&F) services. Acting as an independent challenger and advisor, you’ll lead risk assessments, manage top cyber risks, and ensure robust controls while collaborating across global teams. This highly visible role delivers real impact in protecting clients and shaping our team’s strategy.

We’re seeking a candidate with strong risk management expertise and broad cyber experience in areas such as DevSecOps, Vulnerability Management, Application Security, Third-Party Security, GRC, and Security Awareness. Prior experience with APRA regulations, particularly CPS 234, is required.

Core Responsibilities

• Provide independent risk guidance, oversight, and assurance to divisional partners in line with Vanguard’s operational and strategic risk framework
• Lead and enhance technical cyber risk management practices within VIA, setting measurable goals and driving continuous improvement
• Conduct and review cyber risk assessments, identify and prioritize emerging risks, and advise on control design, testing, and remediation
• Support the development and implementation of short- and long-term cyber risk strategies aligned with departmental objectives and regulatory requirements
• Build strong relationships with divisions, acting as a trusted advisor and influencing risk-aware decision-making
• Assess existing controls, recommend improvements, and leverage industry best practices to strengthen cyber resilience
• Drive continuous improvement in technical standards, methodologies, and technologies. Participate in special projects and contribute to enterprise-wide risk initiatives as required

Qualifications

• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• Minimum of five years experience in Risk Management, Cybersecurity, or IT
• Certificates in relevant domains (e.g. CISSP, CRISC, AWS, Azure, etc)
• Familiarity with relevant frameworks (i.e. NIST CSF, ISO 27001)

Inclusion & How We Work

Vanguard’s commitment to diversity and inclusion ensures highly effective teams. We believe in empowering our crew to contribute their distinct strengths, uniting us in delivering on Vanguard’s core purpose: to take a stand for all investors, treat them fairly, and give them the best chance for investment success. Vanguard has implemented a hybrid working model for the majority of our crew members, combining flexibility with in-person collaboration and connection.

Key skills/competency

• Cybersecurity Risk Management
• Fraud Risk
• APRA Regulations (CPS 234)
• Vulnerability Management
• Application Security
• GRC (Governance, Risk, Compliance)
• DevSecOps
• NIST CSF
• ISO 27001
• Third-Party Security