Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.
Within GR&S, the Enterprise Security and Fraud**(ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.**
Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Privileged Access Management (Cyber Ark) - Technical Lead

Role Summary:

We're seeking a hands-on Technical Lead to own and evolve our Cyber Ark-based Privileged Access Management platform. You will provide day-to-day technical leadership, architect and deliver platform enhancements, drive automation (PowerShell first), and integrate PAM with AWS (EC2, Windows, Linux)workloads and CI/CD pipelines (GitHub). You'll be the escalation point for complex incidents, mentor engineers, and ensure controls meet security, audit, and uptime expectations.

Key Responsibilities:

• Technical Leadership & Delivery
• Serve as the technical owner for the Cyber Ark PAM platform (e.g., PVWA, PSM, CPM, CCP, REST APIs), setting technical direction, prioritizing work, and guiding a small squad of PAM engineers.
• Translate risk, compliance, and audit requirements into secure, reliable designs, standards, and runbooks; review and approve platform changes.
• Platform Engineering & Automation
• Design, implement, and optimize platform policies, platforms, safes, rotations, and reconciliation**; automate repeatable tasks using** PowerShell**(preferred) and** Python (nice to have).
• Build and maintain GitHub-based CI/CD (Actions/workflows) to version, test, and deploy Cyber Ark configuration-as-code and custom utilities; enforce branching and code-review standards.
• Cloud & OS Integrations
• Integrate PAM with AWS**(with emphasis on** EC2, Windows and Linux hosts): onboard privileged accounts and secrets, and harden session flows (PSM/PSMP).
• Champion JIT privileged access patterns for cloud and on-prem, minimizing standing privilege while preserving operational velocity.
• Operations, Reliability & Troubleshooting
• Own incident response and problem management for PAM: lead major incident bridges, perform root cause analysis, and implement corrective/preventive actions.
• Define and track SLAs(e.g., vault availability, checkout/rotation success, PSM session health, onboarding cycle time); build dashboards and actionable alerts.
• Security & Compliance
• Ensure adherence to internal SOPs and user procedures for PAM operation and access hygiene,
• Partner with Audit, Risk, and Security Engineering to evidence controls, complete assessments, and pass audits without exceptions.

Stakeholder Management & Mentoring

• Collaborate with platform, app, and infrastructure owners to onboard use cases, plan releases, and communicate changes.

• Coach and upskill engineers in PAM concepts, secure automation, and operational excellence.

• Required Qualifications

• 7+ years TL experience, including3+ years leading technical delivery or a platform engineering squad.

• Expert troubleshooting across Windows and Linux, including credential flows, session brokering, networking, DNS/Kerberos/LDAP, and endpoint agents.

• PowerShell development: modules, robust error handling, logging/telemetry, parallelization, and secure secret handling.

• GitHub: Actions/workflows, environment protection rules, reusable workflows, code reviews, and artifact/version management.

• AWS: Practical experience with EC2 and OS-level onboarding (Windows & Linux), SSM/Run Command/Session Manager, tagging/auto-onboarding patterns, VPC/security group fundamentals.

• Strong understanding of Cyber Ark components (PVWA, CPM, PSM, EPM/Endpoint Privilege Management), policy design, platform plug-ins, and API usage.

• Proven ability to write clear runbooks/SOPs, influence architecture decisions, and lead incident bridges.

• Preferred Qualifications

• Python for REST/API integrations, data shaping, and service utilities.

• Experience with secrets management for apps/automation (e.g., Secrets Manager/API-based retrieval).

• IaC exposure (CloudFormation or Terraform) for PAM-adjacent infrastructure.

• Familiarity with logging/observability stacks (CloudWatch, Splunk) and SIEM integrations for PAM events.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work:

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.