Senior Manager, Business Information Security Officer

Core Responsibilities

• Manages a team in providing consulting services to the business, to engage with and deliver security services. Builds and maintains strategic relationships within the business and security teams to ensure strategic initiatives are met.

• Ensures security risk management practices are embedded into key business processes. Enables security risk reduction by working collaboratively with business partners and security programs to identify, prioritize, and mitigate security risks.

• Advises, coordinates, and reports on the security risk posture, security culture, controls, and assessments of the business. Communicates and presents relevant security metrics, dashboards and executive reports to senior management.

• Defines and develops security goals, scenarios, and selects use cases to develop acceptable parameters of security risks or guardrails. Recommends changes to processes, software, systems, and platforms based upon security risk.

• Coordinates enterprise security policies and communications. Gathers business participants input, implements changes to policies, and advises the business on policy changes. 

• Discusses security trends with security specialists from other institutions and peer organizations.

• Provides thought leadership for the evolution of the business information security program.

• Participates in special projects and performs other duties as assigned.

Qualifications

• Experience and Education: Minimum of eight years related work experience, with three years of in Security and Compliance required. Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

• Security Certifications: CISSP and/or CISM required within one year.

• Strategic Program Leadership: Proven experience developing and scaling a BISO program or similar business-aligned security initiative. Ability to design, implement, and evolve a BISO program that aligns with business goals and drives security maturity.

• Risk & Compliance Expertise: Deep understanding of risk management frameworks, regulatory requirements (e.g., SOX, HIPAA, GDPR), and control environments.

• Business Acumen: Strong grasp of business operations and the ability to translate security needs into business-relevant strategies.

• Security Frameworks & Technologies: Familiarity with NIST CSF, ISO 27001, CIS Controls, and enterprise security tools (SIEM, DLP, IAM, etc.). Familiarity with Artificial Intelligence security concepts and controls preferred.

• Governance & Metrics: Experience establishing governance structures, maturity models, and performance indicators to measure program effectiveness.

• Communication & Influence: Exceptional ability to engage and influence senior leadership, communicate complex security concepts, and drive cultural change.

• Project & Resource Management: Skilled in managing budgets, resources, and cross-functional teams to deliver strategic initiatives.

Special Factors

Sponsorship

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.