Enterprise Security Governance Analyst

About the position Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions. Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape. Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core. Responsibilities • Governance Execution and Sustainment Executes assigned components of Global Physical Security governance programs, including documentation development, updates, evidence collection, control support activities, and remediation tracking. • Supports the creation, application, and maintenance of enterprise security policies, standards, controls, procedures, and governance reporting. • Maintains governance artifacts, templates, and process documentation in alignment with ASIS, ISO, regulatory, and other best‑practice guidance. • Document Lifecycle Management Maintains document lifecycle hygiene for assigned governance artifacts, including version control, scheduled review tracking, updates, and publication readiness. • Ensures documentation accuracy, consistency, and accessibility to support audits, assurance activities, and leadership reporting. • Assessment Support and Data Analysis Supports governance and program assessments through structured reviews of security practices, physical security configurations, access control processes, threat management documentation, and related activities. • Performs data validation, analysis, and tracking to support program transparency, issue identification, and progress monitoring. • Control Execution and Quality Assurance Supports execution of assigned security controls, including evidence validation, control testing support, and tracking of control effectiveness over time. • Supports quality assurance activities by identifying inconsistencies, documentation gaps, or execution issues and escalating as appropriate. • Operational Reporting Prepares dashboards, metrics, and governance reports that communicate program status, risks, and remediation progress. • Supports recurring governance reporting cycles and standing governance routines. • Planning, Training, and Exercises Support Drafts and maintains security plans, annexes, procedures, and playbooks under direction of governance leadership or specialists. • Develops exercise products, including situation manuals, exercise plans, after‑action reports, and improvement plans. • Supports exercise execution activities, including coordination, documentation during exercises, and tracking of improvement actions. • Supports training governance activities, including maintenance of training materials, tracking of completion, and documentation of training effectiveness. • Cross‑Functional Coordination Coordinates with domestic and international stakeholders, including security teams, facilities, cyber, operational risk, and regulatory partners, to support governance execution and information gathering. • Supports scheduling, data requests, and logistics associated with governance routines and reviews. • Issue Tracking and Escalation Tracks remediation activities and follow‑up actions. • Escalates issues, risks, or execution gaps in accordance with established governance processes. • Special Assignments Contributes to maturity assessments, operational improvement initiatives, and modernization efforts as assigned. Requirements • 5 years of experience in security management, physical security, emergency management, threat assessment/risk management, business continuity, or related disciplines. • Strong organizational skills with demonstrated experience managing detailed workstreams and recurring activities. • Strong written communication skills, including drafting plans, policies, procedures, playbooks, checklists, project documentation, and exercise materials. • Knowledge and experience with incident command systems and effective crisis management response processes. • Undergraduate degree required or equivalent combination of training and experience. Nice-to-haves • Broad experience developing exercise products, including situation manuals, exercise plans, after‑action reports, and improvement plans, preferred. Benefits • comprehensive health and wellness care • work-life balance • an investment in your future