About the position
Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.
Responsibilities
• Governance Execution and Sustainment Executes assigned components of Global Physical Security governance programs, including documentation development, updates, evidence collection, control support activities, and remediation tracking.
• Supports the creation, application, and maintenance of enterprise security policies, standards, controls, procedures, and governance reporting.
• Maintains governance artifacts, templates, and process documentation in alignment with ASIS, ISO, regulatory, and other best‑practice guidance.
• Document Lifecycle Management Maintains document lifecycle hygiene for assigned governance artifacts, including version control, scheduled review tracking, updates, and publication readiness.
• Ensures documentation accuracy, consistency, and accessibility to support audits, assurance activities, and leadership reporting.
• Assessment Support and Data Analysis Supports governance and program assessments through structured reviews of security practices, physical security configurations, access control processes, threat management documentation, and related activities.
• Performs data validation, analysis, and tracking to support program transparency, issue identification, and progress monitoring.
• Control Execution and Quality Assurance Supports execution of assigned security controls, including evidence validation, control testing support, and tracking of control effectiveness over time.
• Supports quality assurance activities by identifying inconsistencies, documentation gaps, or execution issues and escalating as appropriate.
• Operational Reporting Prepares dashboards, metrics, and governance reports that communicate program status, risks, and remediation progress.
• Supports recurring governance reporting cycles and standing governance routines.
• Planning, Training, and Exercises Support Drafts and maintains security plans, annexes, procedures, and playbooks under direction of governance leadership or specialists.
• Develops exercise products, including situation manuals, exercise plans, after‑action reports, and improvement plans.
• Supports exercise execution activities, including coordination, documentation during exercises, and tracking of improvement actions.
• Supports training governance activities, including maintenance of training materials, tracking of completion, and documentation of training effectiveness.
• Cross‑Functional Coordination Coordinates with domestic and international stakeholders, including security teams, facilities, cyber, operational risk, and regulatory partners, to support governance execution and information gathering.
• Supports scheduling, data requests, and logistics associated with governance routines and reviews.
• Issue Tracking and Escalation Tracks remediation activities and follow‑up actions.
• Escalates issues, risks, or execution gaps in accordance with established governance processes.
• Special Assignments Contributes to maturity assessments, operational improvement initiatives, and modernization efforts as assigned.
Requirements
• 5 years of experience in security management, physical security, emergency management, threat assessment/risk management, business continuity, or related disciplines.
• Strong organizational skills with demonstrated experience managing detailed workstreams and recurring activities.
• Strong written communication skills, including drafting plans, policies, procedures, playbooks, checklists, project documentation, and exercise materials.
• Knowledge and experience with incident command systems and effective crisis management response processes.
• Undergraduate degree required or equivalent combination of training and experience.
Nice-to-haves
• Broad experience developing exercise products, including situation manuals, exercise plans, after‑action reports, and improvement plans, preferred.
Benefits
• comprehensive health and wellness care
• work-life balance
• an investment in your future