Supply Chain Security Specialist

Vanguard, Malvern, PA
Hybrid

About The Position

At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best. Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience. Vanguard, one of the world's leading investment management companies, serves individual investors, institutions, employer-sponsored retirement plans, and financial professionals. We have a diverse and talented crew with a culture that promotes teamwork, along with an unwavering focus on serving our clients' best interests.

Requirements

  • Minimum of five years related work experience.
  • Undergraduate degree or equivalent combination of training and experience.
  • 7–10+ years in AppSec / DevSecOps / platform security
  • Hands-on experience with SCA + pipeline security
  • Programming/scripting (Python, Java, YAML)

Nice To Haves

  • Experience with AI/ML pipeline security
  • Exposure to AIBOM / advanced SBOM evolution
  • Knowledge of zero-trust supply chain models
  • Graduate degree preferred.
  • Certifications preferred (CISSP, CSSLP, AAISM, or equivalent)

Responsibilities

  • Define and own enterprise software supply chain security strategy, roadmap, and governance
  • Establish policies and guardrails for SBOM, artifact signing, provenance, and dependency usage
  • Embed security controls across SDLC, CI/CD pipelines, and artifact repositories
  • Implement and enforce SBOM generation, validation, and artifact integrity controls
  • Collaborate with stakeholders and lead risk-based vulnerability management for open-source and third-party components
  • Collaborate with stakeholders and define remediation workflows, SLAs, and exception handling for supply chain risks
  • Own tooling strategy for SCA, container scanning, and supply chain security automation
  • Integrate and optimize security tooling within CI/CD for scalable enforcement
  • Maintain inventory and visibility of dependencies, SBOMs, and third-/fourth-party exposure
  • Partner with AppSec, DevSecOps, and platform teams to drive secure development adoption
  • Enable developers via playbooks, guardrails, and self-service secure consumption patterns
  • Define metrics and report on supply chain risk posture, remediation effectiveness, and maturity
© 2026 Teal Labs, Inc