Risk Specialist(Cyber)

About Vanguard 

More than 45 years ago, John C. Bogle had a vision to start an investment company that did things differently. A company with no external shareholders. Where all the profits were invested back into the business and used to lower costs. Evidently, it was as bold as it was brilliant. To this day, Vanguard Group still has no external shareholders. That means no share prices to protect, and no profits to generate for outside owners.  

Today, Vanguard is one of the world’s largest investment management companies, serving more than 50 million investors worldwide. For more than 25 years Vanguard Australia has been supporting individual investors, financial advisers, and superannuation members to achieve their long-term financial goals.  

As a Risk Specialist (Cyber) for Vanguard Australia (VIA), you will play a critical role in strengthening the organisation’s cyber risk management framework and second‑line oversight of Enterprise Security & Fraud (ES&F). In this independent advisory function, you will lead end‑to‑end risk assessments, drive the identification and management of key cyber risks, and ensure that effective controls and governance practices are in place. You’ll work closely with global partners to provide insight, escalate emerging threats, and guide decision‑makers toward sound risk‑mitigation strategies. This highly visible role directly contributes to safeguarding our clients and shaping the future direction of our risk posture and operational resilience.

We’re seeking a candidate with strong risk management expertise and broad cyber experience in areas such as DevSecOps, Vulnerability Management, Application Security, Third-Party Security, GRC, and Security Awareness. Prior experience with APRA regulations, particularly CPS 234, is required. 

 Core Responsibilities 

• Provide independent risk guidance, oversight, and assurance to divisional partners in line with Vanguard’s operational and strategic risk framework 

• Lead and enhance technical cyber risk management practices within VIA, setting measurable goals and driving continuous improvement 

• Conduct and review cyber risk assessments, identify and prioritize emerging risks, and advise on control design, testing, and remediation 

• Support the development and implementation of short- and long-term cyber risk strategies aligned with departmental objectives and regulatory requirements 

• Build strong relationships with divisions, acting as a trusted advisor and influencing risk-aware decision-making 

• Participate in special projects and contribute to enterprise-wide risk initiatives as required

Qualifications 

• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred. 

• Minimum of five years experience in Risk Management or Cybersecurity 

• Certificates in relevant domains (e.g. CISSP, CRISC, AWS, Azure, etc) 

• Familiarity with relevant frameworks (i.e. NIST CSF, ISO 27001) 

 Inclusion Statement 

Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.” 

We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values. 

When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard’s core purpose. 

Our core purpose: To take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.