Third Party Cybersecurity Risk Analyst

Vanguard•Malvern, PA

23h•Hybrid

About The Position

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core. You will manage GR&S vendors through the full third-party lifecycle, including due diligence and selection, negotiations and onboarding, and ongoing monitoring and management. A key component of this position will be overseeing a portfolio of critical and high-risk vendors. Join Our Team within Vanguard's Global Risk and Security (GR&S) Division At Vanguard, our Global Risk and Security (GR&S) team is at the forefront of enabling business strategy, protecting client and Vanguard interests (e.g., assets and data), and encouraging a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice to empower leaders and crew across Vanguard to make faster, stronger, risk-informed decisions. Why Vanguard? We are a world-class destination for highly engaged, passionate, and diverse talent. Our crew members are our greatest resource. By joining us, you will build collaborative, long-term relationships and enjoy a suite of benefits that include comprehensive health and wellness care, work-life balance, and a strong investment in your future.

Requirements

Prior vendor oversight, vendor assessment, and third-party risk management experience.
Familiarity with industry-leading third-party risk management, vendor oversight, and supplier management processes.
Foundational cybersecurity and risk knowledge with a desire to build on this acumen.
Comprehensive understanding and experience working with and/or assessing industry-leading cybersecurity, physical security, fraud, and risk management vendors, along with related toolsets and professional services firms.
Seven years of related work experience.
Undergraduate degree or equivalent combination of training and experience.

Nice To Haves

Procurement and enterprise supplier management experience is a plus.

Responsibilities

Lead business reviews for critical and high-risk suppliers to drive improvements and minimize risk exposures.
Identify and analyze potential risk exposures captured in third party assessments, SOC reports, control assessments, and penetration tests.
Perform detailed analyses to support the evaluation of the financial, operational, and performance reputation of vendors, ensuring they are suitable partners for the organization.
Oversee and supervise the ongoing financial, operational, performance, and risk health of a subset of risk and security vendors.
Analyze data to perform comparative evaluations of vendors, ensuring Vanguard acquires the highest value and expected return for its investment in vendor contracts.
Assists in resolving conflicts and problems that have been referred to by others and provides guidance to less seasoned crew
Participate in special projects and perform other duties as assigned.