Cloud Security Assurance Manager

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource - by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

• Build & maintain a high-performing Cloud Security Assurance team. Provide mentorship, coaching, and professional development to team members. Assess performance and make informed compensation decisions in accordance with HR policies and procedures
• Lead the team that leverages cloud security assessment tools (CNAPP/CSPM) to monitor Vanguard cloud assets for vulnerabilities and security configuration weaknesses
• Partner with the SOC, Cyber Threat Intel, Offensive Security Team, and other stakeholders to refine prioritization, to validate impact of suspected vulnerabilities, to advise owners on mitigation strategies or compensating controls, and to provide accurate & timely reporting that informs remediation progress
• Ensure timely resolution of false-positives investigations, requests for risk-acceptance or risk-rating adjustment of cloud security findings
• Coordinate implementation of cloud security controls - both oobox and custom - ensuring compliance with industry security standards
• Shape remediation SLAs, build-breaking policies, and other enforcement controls & guardrails
• Develops metrics, KPIs, and OKRs to measure the effectiveness the program and team's operations
• Coordinate with Engineering platform team to tune scanning tools to improve visibility and to meet additional security objectives
• Lead continuous process improvement and ensure the team is identifying opportunities for automation, fusion of disparate sources of security findings, and consistency of remediation owner experience.
• Provide latest industry expertise in emerging security practices and standards.

• Minimum of 5 years related work experience required, including experience in cloud security engineering, cloud vulnerability management, or general cloud cyber domains
• Undergraduate degree in a related field or the equivalent combination of training and experience
• Excellent leadership and team management skills, with a track record of building and leading high-performing teams.
• Experience with AWS, Azure, or GCP - with a strong understanding of cloud security principles
• Superb analytical and problem-solving skills, with the ability to assess and mitigate complex security risks
• Understanding of CI/CD pipelines
• Excellent communication and collaboration skills, with the ability to influence stakeholders multiple levels up

• Demonstrated passion for continuous learning
• Experience leading structured process improvement
• Experience with Aqua, Palo Alto Prisma, Wiz, CrowdStrike, Tenable Nessus, or Qualys
• Knowledge of Kubernetes preferred
• Experience with aggregators such as Brinqa, Kenna, Vulcan, Dazz, or Avalor
• Experience with risk controls and interacting with internal/external audit preferred
• Familiarity with emerging security technologies and trends, particularly in cloud security