Lead IT Auditor

The Sr. IT Auditor will analyze data, assess trends and develops actionable insights and recommendations in support of large strategic business initiatives. Actively develops the analytics community at Vanguard by coaching others internally and participating in external events.

• Conduct GTO risk assessments and health checks to aid in identifying issues related to risk, governance, process, technology, controls and operating practices. Create risk assessment and health check playbook.
• Lead consulting and support on internal audit activities, external audit activities, results and risk mitigation initiatives in response to audit findings.
• Ensure GTO is compliant across all regulatory areas, including but not limited to SOX, SOC1, SOC2, GS007, SWIFT, NIST, etc. Communicate compliance status to GTO leadership. Partners with the risk and control teams - such as ITRC and ES&F Controls - to understand changes and updates to the regulatory frameworks. Proactively works with all areas of GTO to implement updates ensuring GTO's compliance.
• Assist GTO teams with design, implementation, testing and ongoing monitoring of key controls. Educates and influences teams on control design, effectiveness and recommends actions to increase effectiveness of those controls based on testing assessments. Provides guidance and training to create control awareness, ownership and accountability to crew.
• Monitor risk and control health, including open issues and action plans, and recommends proactive measures to remain in compliance. Enables communication, visibility and clarity to GTO leadership through dashboards, reports and other means. Provides leadership for risk and controls related matters.
• Identify and quantifies risk for GTO. Work with GTO teams to implement risk based decisions and actions. Support Hexagon activities.
• Build effective working relationships with all areas of GTO, IT Risk, IT Controls, ES&F Risk and Controls, Internal Audit (IA), external auditors, SWIFT & Money Movement and other related teams. Collaborates with these organizations to influence and effectively communicate compliance, risk and control information to appropriate parties.
• Consult with Enterprise Risk Management, Information Security, Internal Audit and external Audit, Corporate Compliance, Legal and other appropriate parties sharing expertise and knowledge to strengthen the risk and control environment.
• Participate in special projects and performs other related activities as assigned.

• Minimum of five years related work experience.
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

• Undergraduate degree in a related field or the equivalent combination of training and experience.
• 3+ years industry experience, preferably in an audit related role.
• Strong understanding of advanced security concepts including vulnerability & risk management, risk assessments, inherent risk, residual risk, control management and technical domains.
• Strong analytical and problem solving skills.
• Strong written and verbal communication skills, including presentation skills.
• Strong relationship management and leadership skills.
• Ability to understand strategic objectives and vision and work towards those goals. Proven thought leadership, strategic thinking and decision making.
• Holds related security and process efficiency industry certifications, such as CISSP, CRISC or CISA or has the ability to attain within 12 months of hire.