The Lead Security Risk and Controls Analyst will be responsible for providing risk assessment and control assurance work in the information security space. In addition, this lead analyst will perform project-based work as needed to help mature risk management and assurance capabilities.
1. Provides senior level expertise for IT control-related matters. Collaborates with and influences technology leaders and crew to create, sustain, and strengthen IT's internal control framework through control identification, design, implementation, and testing.
2. Assists Control Analyst III with design, implementation, and ongoing monitoring of key controls across the division.
3. Provides consultation, facilitation and analytical support to ensure internal controls are properly aligned and implemented to ensure flawless service and compliance with all business partner expectations. Provides guidance and support to management, process, and control owners on responsibilities.
4. Consults with leadership on complex control-related issues. Provides senior level consulting to IT on internal audit activities and results as well as risk mitigation initiatives in response to audit findings.
5. Educates and influences business partners on control design and effectiveness and recommends actions to increase effectiveness of those controls.
6. Develops effective working relationships throughout the subdivision & division. Collaborates with the department and management sharing best practices regarding key controls to influence and effectively communicate control solutions to all appropriate parties. Provides guidance, training and motivation necessary to create control awareness, ownership and accountability to IT crew.
7. Consults with Enterprise Risk Management, Information Security, Internal Audit and external Audit, Corporate Compliance, Legal and other appropriate parties sharing expertise and knowledge to strengthen the IT control environment.
8. Participates in special projects and performs other related activities as assigned.
Undergraduate degree or equivalent experience is required with emphasis in Information Technology and / or Auditing preferred.
Minimum of five years industry experience.
CIA, CISA, CRISC, CISSP, CISM or CPA designation preferred.
Expert-level knowledge of internal control theory and practices, and IT Audit Techniques.
Expert-level knowledge in designing/evaluating information technology controls preferred. Experience as an IT Auditor is a plus. Experience working in Vanguard's Internal Audit department is a plus.
Excellent oral and written communication skills. Excellent presentation skills to all levels of personnel.
Strong consulting skills to include negotiation, influencing, and problem solving coupled with flexibility and sound business judgment.
Solid analytical skills and understanding of processes, technology and operational concepts.
Ability to work under tight time constraints and adapt quickly to changing priorities.
Additional Comments
In this role you will have the opportunity to:
Provide lead level expertise for IT and security risk and control related matters with a focus in cybersecurity, physical security, logical access, and in general information security. Collaborate with and influence technology leaders and crew to create, sustain, and strengthen IT's internal control framework through control identification, design, implementation, and testing.
Participate in special projects and perform other related activities as assigned. Projects and activities may include:
High profile risk assessments, supporting senior risk and control analysts.
Special compliance assurance engagements in the areas of SOC1/SOC2 and cybersecurity requirements.
Support management in the design and implementation of a controls testing program, including the use of data analytics or quantitative methods.
The design and implementation of team level or leadership reports.
Vanguard is not offering visa sponsorship for this position.