Governance, Risk & Compliance Assurance Analyst
The Role
The EU Enterprise Security & Fraud (ES&F) GRC Specialist will provide specialist governance, risk and compliance expertise to support the effective operation of ES&F control and oversight activities across the cyber, fraud, IAM and security architecture risk domains within the European business.
The role is accountable for supporting the implementation, embedding and continuous enhancement of GRC frameworks, policies, standards and controls, ensuring alignment with applicable regulatory obligations, enterprise risk appetite and internal governance requirements.
The position will support first line risk identification, assessment, control execution, evidence management and remediation activities, contributing to risk-informed decision-making, operational resilience and demonstrable compliance with relevant regulatory and internal control expectations.
In this role you will
- Support the design, implementation, and ongoing operation of EU ES&F Governance, Risk and Compliance (GRC) processes across cyber, fraud, and technology risk domains, ensuring alignment with enterprise standards and evolving European regulatory requirements
- Enable and promote first-line ownership of risks, issues, controls, and remediation activities, ensuring they are effectively identified, documented, managed, escalated, and reported through established governance frameworks
- Contribute to the development and maintenance of robust governance structures, clearly defined accountabilities, and effective decision-making processes within the first line of defence
- Monitor and report on key risk indicators (KRIs), control effectiveness, risk exposure, and remediation progress, providing meaningful insights and recommendations to governance forums and stakeholders
- Translate regulatory, policy, and risk management requirements into practical guidance, procedures, and operational actions that support business objectives while maintaining compliance
- Support the full control lifecycle, including control design, implementation, operation, evidence collection, performance monitoring, and continuous improvement initiatives
- Lead Risk and Control Self-Assessments (RCSAs), evidence-gathering activities, and assurance readiness efforts across EU ES&F domains, helping to strengthen the overall control environment
- Proactively identify control gaps, operational vulnerabilities, and opportunities for enhancement, while driving remediation activities through to successful closure
- Act as a key coordinator for internal audits, external audits, regulatory reviews, and independent assurance engagements, managing evidence collection, stakeholder responses, and remediation tracking
- Contribute to the ongoing development and enhancement of resilience, contingency, and incident response arrangements from a first-line GRC perspective
- Support strategic initiatives, transformation programmes, and special projects, while undertaking additional responsibilities as required

What it takes
- Proven experience working within Governance, Risk and Compliance (GRC) frameworks, governance structures, and risk management disciplines
- A professional certification such as CISM, CRISC, CISSP, or CISA
- Proven experience within financial services or another highly regulated environment
- Strong understanding of cyber security, fraud risk, and technology risk management principles and practices
- Working knowledge of key regulatory and industry frameworks, including DORA, FCA requirements, NIST, and ISO standards
- Experience supporting regulatory engagements, internal and external audits, and assurance reviews
- Ability to provide effective challenge, oversight, and independent thinking within a complex organisational and intra-group environment
- Excellent analytical, problem-solving, and risk assessment skills, with the ability to interpret complex information and drive informed decision-making

Special Factors
- Vanguard is not offering visa sponsorship for this position
- This is a hybrid position and would require you to work in the office 3 days per week (Tuesday, Wednesday & Thursday)

Why Vanguard?
Vanguard is a different kind of investment company. It was founded in the United States in 1975 on a simple but revolutionary idea: that an investment company should manage its funds solely in the interests of its clients. This is a philosophy that has helped millions of people around the world to achieve their goals with low-cost, uncomplicated investments.
It's what we stand for: value to investors.

Inclusion Statement
Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.” We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve.
We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values. When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose: to take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.

How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.