Senior Manager, Business Information Security Officer

About The Position

Requirements

• Minimum of eight years related work experience, with three years of in Security and Compliance required.
• Undergraduate degree or equivalent combination of training and experience.
• CISSP and/or CISM required within one year.
• Proven experience developing and scaling a BISO program or similar business-aligned security initiative.
• Ability to design, implement, and evolve a BISO program that aligns with business goals and drives security maturity.
• Deep understanding of risk management frameworks, regulatory requirements (e.g., SOX, HIPAA, GDPR), and control environments.
• Strong grasp of business operations and the ability to translate security needs into business-relevant strategies.
• Familiarity with NIST CSF, ISO 27001, CIS Controls, and enterprise security tools (SIEM, DLP, IAM, etc.).
• Experience establishing governance structures, maturity models, and performance indicators to measure program effectiveness.
• Exceptional ability to engage and influence senior leadership, communicate complex security concepts, and drive cultural change.
• Skilled in managing budgets, resources, and cross-functional teams to deliver strategic initiatives.

Nice To Haves

• Graduate degree preferred.
• Familiarity with Artificial Intelligence security concepts and controls preferred.

Responsibilities

• Manages a team in providing consulting services to the business, to engage with and deliver security services.
• Builds and maintains strategic relationships within the business and security teams to ensure strategic initiatives are met.
• Ensures security risk management practices are embedded into key business processes.
• Enables security risk reduction by working collaboratively with business partners and security programs to identify, prioritize, and mitigate security risks.
• Advises, coordinates, and reports on the security risk posture, security culture, controls, and assessments of the business.
• Communicates and presents relevant security metrics, dashboards and executive reports to senior management.
• Defines and develops security goals, scenarios, and selects use cases to develop acceptable parameters of security risks or guardrails.
• Recommends changes to processes, software, systems, and platforms based upon security risk.
• Coordinates enterprise security policies and communications.
• Gathers business participants input, implements changes to policies, and advises the business on policy changes.
• Discusses security trends with security specialists from other institutions and peer organizations.
• Provides thought leadership for the evolution of the business information security program.
• Participates in special projects and performs other duties as assigned.

Benefits

• Vanguard is not offering visa sponsorship for this position.
• hybrid working model
• enhanced flexibility
• in-person learning, collaboration, and connection
• mission-driven and highly collaborative culture
• teamwork
• unwavering focus on serving our clients' best interests.