Key Responsibilities Program Strategy & Leadership

• Own and execute the enterprise Security Awareness & Learning strategy, aligned to the organization’s overall cyber, fraud, and operational risk posture.

• Translate emerging threats, regulatory expectations, and industry intelligence into relevant, actionable employee education.

• Lead and develop a high‑performing security awareness and learning team. Develop and execute strong success metrics to measure team performance. Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

Security Training and Education

• Support, Design, Expand and Iterate our enterprise education covering:

• Cybersecurity fundamentals and secure behaviors

• Identity and Access Management (e.g., credential protection, MFA, privileged access hygiene, access certifications)

• Physical security responsibilities (e.g., tailgating prevention, badge security, remote work considerations)

• Fraud and social engineering threats (e.g., phishing, vishing, deepfakes, insider risk indicators)

• Ensure training is role‑based and risk‑appropriate, with enhanced content for higher‑risk roles (e.g., executives, customer‑facing staff, finance, technology, and help desk teams).

• Continuously refresh content based on emerging risks (e.g., phishing trends, fraud patterns, AI‑enabled social engineering).

• Partner with Cyber Threat Intelligence and Fraud teams to ensure consistency between awareness messaging and active threat conditions.

Phishing, Social Engineering & Fraud Readiness

• Oversee phishing and social engineering preparedness programs, including simulations and just‑in‑time education.

• Continuously identifying, prioritizing, and creating multi-channel awareness campaigns to mitigate top risks and emerging threats.

• Promote a security-minded culture, reinforcing employee responsibility for identifying and escalating suspicious activity.

• Align employee education with fraud prevention frameworks and internal controls to reduce financial and reputational impact.

Exercises & Practical Readiness

• Partner with Cybersecurity, Fraud, and Business Continuity teams to integrate awareness outcomes into tabletop and simulated exercises in partnership with the Cyber Security Operations Center and the Red Team.

• Reinforce employee roles and expectations during cyber and fraud incidents, ensuring learning translates into real‑world response readiness.

Measurement & Continuous Improvement

• Define and track meaningful metrics beyond completion rates (e.g., behavior change, reporting rates, reduced susceptibility, improved response times).

• Use data to adjust training frequency, content focus, and delivery methods.

• Provide regular executive reporting on program effectiveness, trends, and risk reduction.

Governance & Stakeholder Engagement

• Maintain alignment with regulatory expectations, audit requirements, and internal policy standards.

• Understand and implement controls and evidence processes that provide guardrails of assurance for policy integrity.

• Partner with HR and Compliance to ensure training is integrated into the employee lifecycle (onboarding, role changes, annual refresh).

• Represent the organization in industry forums and peer exchanges related to security awareness and culture.

Qualifications Required

• Bachelor’s degree or equivalent experience in Information Security, Risk Management, Education, or a related field

• Minimum five years related work experience with three years experience in IT security or application development. Supervisory experience preferred.

• Strong understanding of:

• Cyber security principles and security operations functions

• Identity and Access Management concepts

• Fraud and social engineering tactics

• Physical security responsibilities

• Proven ability to influence and engage at all levels of the organization, including executives

• Strong written and verbal communication skills.

Preferred

• Demonstrated experience leading an enterprise security awareness or learning program, or related security leadership experience, preferably in financial services or a regulated industry

• Familiarity with financial‑services regulatory expectations related to security training and awareness

• Certifications such as CISSP, CISM, CRISC, Security+, or equivalent

• Experience with phishing simulation platforms, learning management systems, and awareness metrics

Success in This Role Looks Like

• Employees clearly understand their role in protecting the organization from cyber, fraud, and physical threats

• Security awareness is perceived as relevant, timely, and practical, not check‑the‑box

• Measurable reductions in human‑enabled risk

• Strong alignment with financial‑services and technology peers and industry best practices

Special Factors Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.