IT Control Tester - Vanguard

Leads and executes the enterprise risk management framework in accordance with the divisional implementation plan. Provides oversight and guidance to the enterprise, division, and subdivision through the creation and application of standard and customized content, reporting and business analytics. Vanguard is seeking a diligent and technically astute IT Control Tester to join our Technology Risk function in our Dublin or London offices. This role is fundamental to maintaining trust with our clients and regulators by providing assurance on the technology control environment. You will be responsible for the end-to-end lifecycle of IT control assurance, from planning and executing tests to advising on control design. You will play a pivotal role in implementing our European IT control testing framework and future-proofing our control environment against a dynamic landscape of current and emerging regulations, including the EU's Digital Operational Resilience Act (DORA), the EU AI Act, and evolving data privacy frameworks. This position is ideal for a professional with a strong background in IT audit or risk who is eager to take on a hands‑on role in a complex and ever‑evolving regulatory environment.

• Test Planning & Scoping: Develop and maintain the annual IT control testing plan. Define the scope, objectives, timing, and methodology for each control test based on risk assessments and regulatory requirements.
• Control Evaluation & Execution: Execute detailed walkthroughs and testing of key IT general controls (ITGCs) and application controls identified in the Risk and Control Self-Assessment (RCSA) to validate their design and operating effectiveness.
• Framework Implementation & Enhancement: Drive the implementation and continuous improvement of the IT Control Testing Framework across our European entities, ensuring alignment with global standards and local regulatory nuances.
• Control Library & Regulatory Watch: Proactively monitor the regulatory landscape and translate requirements from current and emerging technology regulations into tangible, testable controls. Key regulations include:
• Operational Resilience & Cybersecurity: DORA and FCA Operational Resilience rules (SYSC), intra‑group and third‑party oversight controls.
• Data Privacy & Governance: GDPR, UK GDPR, and the EU Data Act.
• Emerging regulations: The EU AI Act, CTP.
• Advisory & Partnership: Partner with technology owners, developers, and project teams to provide proactive advice on control design and implementation for new systems, applications, and infrastructure changes.
• Issue Management & Reporting: Clearly document test results, manage findings in the Governance, Risk, and Compliance (GRC) platform, and collaborate with stakeholders to develop robust and timely remediation plans. Prepare clear, concise reports on the IT control posture for senior management and risk committees.
• Stakeholder Collaboration: Liaise effectively with First Line of Defence (business and IT), Global IT Controls testing team, and Third Line (Internal Audit) to ensure a coordinated and comprehensive approach to assurance activities.

• Proven experience in IT Audit, IT Risk Management, or Technology Control Testing within the financial services or a similarly regulated industry.
• Strong practical knowledge of IT control frameworks, such as COBIT, NIST Cybersecurity Framework, and ITIL.
• Strong working knowledge of key regulations governing technology and data in financial services, such as Sarbanes‑Oxley (SOX), GDPR, DPA and the DORA. Demonstrable understanding of the impact of major emerging regulations like the EU AI Act.
• Demonstrable experience testing controls across key IT domains, including cybersecurity, cloud environments (AWS/Azure), DevOps, change management, access management, and IT operations.
• Hands‑on experience using GRC platforms (Archer) for control management and testing.
• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.

• Professional certification such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control).
• Direct experience in the asset management sector.
• Experience performing readiness assessments for new or upcoming regulations.
• Excellent communication skills, with the ability to articulate complex technical issues to both technical and non‑technical audiences.

Vanguard is an equal opportunity employer. Vanguard is committed to providing all crew members a working environment that is free from discrimination, prejudice and bias. Through this Equal Employment Opportunity (EEO) Policy, Vanguard reaffirms its commitment to equal employment opportunity for all applicants and crew members without regard to race, color, national origin or ancestry, religion, gender, sex, sexual orientation, gender identity or expression, age, disability, marital status, veteran or military status. In addition, Vanguard prohibits discrimination based on genetic information, as well as any other characteristic protected by federal, state or local law. Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Vanguard. Please inform careers@vanguard.com if you need assistance completing this application or to otherwise participate in the application process.