About Vanguard

More than 45 years ago, John C. Bogle had a vision to start an investment company that did things differently. A company with no external shareholders. Where all the profits were invested back into the business and used to lower costs. Evidently, it was as bold as it was brilliant. To this day, Vanguard Group still has no external shareholders. That means no share prices to protect, and no profits to generate for outside owners.

Today, Vanguard is one of the world’s largest investment management companies, serving more than 50 million investors worldwide. For more than 25 years Vanguard Australia has been supporting individual investors, financial advisers, and superannuation members to achieve their long-term financial goals.

As Cyber and Fraud Risk Specialist for Vanguard Australia (VIA), you will strengthen second-line oversight of Enterprise Security & Fraud (ES&F) services. Acting as an independent challenger and advisor, you’ll lead risk assessments, manage top cyber risks, and ensure robust controls while collaborating across global teams. This highly visible role delivers real impact in protecting clients and shaping our team’s strategy.

We’re seeking a candidate with strong risk management expertise and broad cyber experience in areas such as Dev Sec Ops, Vulnerability Management, Application Security, Third-Party Security, GRC, and Security Awareness. Prior experience with APRA regulations, particularly CPS 234, is required.

Core Responsibilities

• Provide independent risk guidance, oversight, and assurance to divisional partners in line with Vanguard’s operational and strategic risk framework

• Lead and enhance technical cyber risk management practices within VIA, setting measurable goals and driving continuous improvement

• Conduct and review cyber risk assessments, identify and prioritize emerging risks, and advise on control design, testing, and remediation

• Support the development and implementation of short- and long-term cyber risk strategies aligned with departmental objectives and regulatory requirements

• Build strong relationships with divisions, acting as a trusted advisor and influencing risk-aware decision-making

• Assess existing controls, recommend improvements, and leverage industry best practices to strengthen cyber resilience

• Drive continuous improvement in technical standards, methodologies, and technologies.

• Participate in special projects and contribute to enterprise-wide risk initiatives as required

Qualifications

• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

• Minimum of five years experience in Risk Management, Cybersecurity, or IT

• Certificates in relevant domains (e.g. CISSP, CRISC, AWS, Azure, etc)

• Familiarity with relevant frameworks (i.e. NIST CSF, ISO 27001)

Inclusion Statement

Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.”

We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values.

When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard’s core purpose.

Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.