Global Security Controls & Compliance Lead
Vanguard
full-time
Posted on:
Location Type: Hybrid
Location: Malvern • North Carolina • Pennsylvania • United States
Visit company websiteExplore more
Job Level
About the role
- Acts as the enterprise authority for physical security control governance, providing interpretation, oversight, and subject‑matter expertise for regulatory and assurance requirements including Sarbanes‑Oxley, SOC 1, SOC 2, SEC Regulation S‑P, FINRA, GDPR, GS007, California Privacy, and related frameworks, as applicable to physical security.
- Owns the development, maintenance, and governance of the global physical security controls framework, including associated policies, standards, and control documentation, ensuring consistency, auditability, and global applicability.
- Provides authoritative guidance to physical security control owners during policy, standards, and control design discussions, ensuring regulatory intent is accurately translated into operationally feasible physical security requirements.
- Serves as the primary interface for internal and external inquiries related to physical security controls, including questions from Compliance, Risk, Audit, and business partners.
- Partners with Compliance, Audit, and Regional Security teams to interpret global regulatory requirements, develop enterprise physical security control policies and standards, and oversee consistent implementation across regions.
- Provides input and documentation to the Head of Governance for regulator and examiner interactions related to physical security.
- Advises on and reviews physical security risk assessments, control testing, and contingency planning for facilities, critical infrastructure, telecommunications capabilities, and other high‑risk assets (people, places, and processes) to validate the existence and effectiveness of safeguards.
- Reviews and evaluates current and proposed policies, standards, and technical initiatives to assess their impact on enterprise physical security control effectiveness, regulatory alignment, and operational consistency.
- Leads the development, implementation, and coordination of physical security controls policies, standards, procedures, and operating doctrine, interpreting enterprise policy requirements and providing clear guidance to security and business stakeholders.
- Supports responses to due‑diligence activities, including RFPs, client inquiries, and assurance questionnaires, by providing accurate descriptions of physical security controls, governance practices, and oversight mechanisms.
- Participates in enterprise and security‑led initiatives that require physical security governance expertise and performs related duties consistent with the role’s scope and authority.
- Enforce compliance with this Enterprise Data Governance Policy and associated standard(s) within their respective domains.
- Maintain metadata for critical data including but not limited to documentation of approved Authoritative Data Sources.
Requirements
- Five+ related work experience in security audit or security controls
- Bachelor’s degree or equivalent combination of education and experience; degrees in security management, risk management, or related disciplines preferred.
- Demonstrated experience translating regulatory and assurance requirements into physical security controls and governance artifacts.
- Change management or governance‑related certifications (e.g., Prosci, ISO, ASIS) preferred, as appropriate to role scope.
Benefits
- comprehensive health and wellness care
- work-life balance
- investment in your future
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
physical security controlssecurity auditrisk assessmentscontrol testingcontingency planninggovernance practicespolicy developmentstandards implementationregulatory compliancedocumentation
Soft Skills
communicationleadershipcollaborationguidanceoversightinterpretationorganizational skillsanalytical skillsproblem-solvingchange management
Certifications
ProsciISOASIS