Senior Security Assurance Specialist

The Security Assurance Specialist III leads the end-to-end coordination and execution of application and infrastructure security risk assessments, ensuring consistent, timely, and high-quality identification of cybersecurity risks and vulnerabilities. The role partners closely across cybersecurity, IT engineering teams, and business stakeholders to enable effective risk and vulnerability management across the enterprise.

Acting as the central assessment orchestration function, the specialist manages assessment intake, prioritization, scheduling, documentation, execution tracking, reporting, and vulnerability workflow oversight. The role blends deep cybersecurity risk expertise with strong program and project management discipline, leveraging Agile and Scrum-based practices to meet defined SLAs, quality standards, and reporting expectations.

The Security Assurance Specialist III provides expert-level technical guidance in evaluating and strengthening the security posture of Vanguard's systems, architectures, and configurations. This role coordinates and leads comprehensive security assessments, validates risk findings, and supports remediation strategies across critical business applications, infrastructure, networks, and web platforms. Through close collaboration with technology and business partners, the specialist influences secure solution design, drives strategic security improvements, and supports the continuous maturation of Vanguard's security capabilities.

**this Hybrid Role (in office Tues-Wed-Thurs) is based in Charlotte, NC, Dallas, TX, or Malvern, PA**

Key Responsibilities:

• Provide programmatic support and coordination for application and infrastructure security assessments.
• Own and manage the assessment lifecycle from intake through final reporting and closure.
• Coordinate assessment scheduling across multiple concurrent engagements, balancing priorities, dependencies, and resource availability.
• Partner with application teams, infrastructure owners, and product stakeholders to gather pre-assessment information, technical documentation, architecture diagrams, and required artifacts.
• Ensure assessment scope, assumptions, and prerequisites are clearly defined and validated prior to execution.
• Engage and coordinate assessment resources across cybersecurity and relevant IT divisions (e.g., engineering, infrastructure, cloud, platform teams).
• Act as the primary point of coordination between assessment teams and technology stakeholders to resolve scheduling conflicts, clarify requirements, and manage expectations.
• Facilitate effective communication across technical and non-technical audiences, ensuring transparency of status, risks, and dependencies.
• Escalate risks, delays, or resource constraints in a timely and structured manner.
• Ensure accurate and timely tracking of assessment activities, milestones, and deliverables leveraging enterprise toolsets and applications.
• Maintain high data quality standards for assessment records, findings, vulnerabilities, and workflow states in assessment and vulnerability tracking platforms.
• Coordinate the publication of draft and final assessment reports, ensuring appropriate review cycles, approvals, and distribution to stakeholders.
• Support audit-ready documentation and traceability across assessments, findings, and risk decisions.
• Support the collection, review, and routing of identified vulnerabilities through defined remediation, exception, or risk acceptance workflows.
• Coordinate vulnerability review and acceptance processes with technology owners, risk stakeholders, and governance bodies.
• Ensure vulnerabilities are properly documented, tracked, and dispositioned in alignment with enterprise risk standards and timelines.
• Monitor remediation progress and support reporting on overdue, at-risk, or escalated items.
• Support the collection, analysis, and reporting of assessment program metrics, including throughput, cycle time, backlog, and SLA adherence.
• Produce regular operational and management reporting to support capacity planning, prioritization, and performance transparency.
• Identify trends, bottlenecks, and improvement opportunities across the assessment lifecycle.
• Contribute to the continuous improvement of assessment processes, tooling, templates, and operating procedures.
• Apply program and project management best practices to manage complex, multi-workstream assessment activities.
• Maintain assessment roadmaps, intake queues, and execution plans aligned to business and technology priorities.
• Leverage Agile and Scrum-style practices where appropriate, including backlog management, sprint planning, stand-ups, retrospectives, and dependency tracking.
• Act as a Scrum Master-like facilitator for assessment delivery, removing impediments and enabling teams to operate efficiently.
• Support change management, stakeholder communications, and readiness activities for evolving assessment methodologies or tooling.

Education & Experience:

Bachelor's degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience).

5+ years of experience in cybersecurity, IT risk management, GRC, or security assessment coordination roles.

Demonstrated experience coordinating application and/or infrastructure security assessments in large, regulated, or complex environments.

Hands-on experience with GRC platforms, preferably RSA Archer, including assessment tracking, findings management, and workflow.

Strong understanding of cybersecurity risk concepts, vulnerabilities, and control assessment practices.

Preferred Qualifications & Certifications:

Experience working with NIST CSF, NIST 800-53, ISO 27001, CIS Controls, or similar frameworks.

Program or project management certifications (PMP, PgMP, PRINCE2) or Agile/Scrum certifications (CSM, SAFe, PMI-ACP).

Familiarity with vulnerability management, remediation tracking, and risk acceptance processes.

Experience supporting metrics, dashboards, and SLA-driven operational reporting.

Key Skills & Competencies:

Program & Project Management: Planning, prioritization, dependency management, and delivery execution.

Agile / Scrum Facilitation: Backlog management, impediment removal, team coordination.

Stakeholder Management: Ability to influence and coordinate across security, IT, and business teams.

Operational Rigor: Attention to detail, documentation quality, and audit readiness.

Communication: Clear, concise communication of technical risk information to varied audiences.

Process Improvement: Continuous improvement mindset with the ability to standardize and scale operations.

Special Factors

Sponsorship
Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission-we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.