Third Party Technical Risk Assessment Analyst (Cybersecurity)

Leads a team in working with IT sub-divisions, third party vendors, and the business units as the technical authority on processes and best practices on third party risk assessments of applications and technologies.

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise‑wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk‑informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub‑division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state‑of‑the‑art security and fraud capabilities. We are a world‑class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever‑changing security landscape.

• Lead the analysis and evaluation of third‑party cybersecurity controls and technologies to determine whether security controls meet internal standards.
• Determine risk mitigation and remediation strategies in partnership with stakeholders.
• Identify emerging cybersecurity trends and needs making recommendations for process improvements as needed.
• Following the defined assessment methodology and documentation standards, produce assessment reports detailing the actions taken to assess and results of cybersecurity risk assessments.
• Participate in special projects and perform other duties as assigned.

• Strong related work experience, with at least three years of Third‑Party Security, IT Security, Cyber Security, and/or IT Audit experience.
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• Be interested in obtaining one professional security certification such as ISC2 CISSP, GI Security Essentials Certification (GSEC), Certified Information Systems Auditor (CISA), etc.

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in‑person learning, collaboration, and connection. We believe our mission‑driven and highly collaborative culture is a critical enabler to support long‑term client outcomes and enrich the employee experience.