Vanguard is seeking a diligent and technically astute IT Control Tester to join our Technology Risk function in our Dublin or London offices. This role is fundamental to maintaining trust with our clients and regulators by providing assurance on the technology control environment. You will be responsible for the end-to-end lifecycle of IT control assurance, from planning and executing tests to advising on control design. You will play a pivotal role in implementing our European IT control testing framework and future-proofing our control environment against a dynamic landscape of current and emerging regulations, including the EU's Digital Operational Resilience Act (DORA), the EU AI Act, and evolving data privacy frameworks.
This position is ideal for a professional with a strong background in IT audit or risk who is eager to take on a hands-on role in a complex and ever-evolving regulatory environment.
In this role you will
Test Planning & Scoping: Develop and maintain the annual IT control testing plan. Define the scope, objectives, timing, and methodology for each control test based on risk assessments and regulatory requirements
Control Evaluation & Execution: Execute detailed walkthroughs and testing of key IT general controls (ITGCs) and application controls identified in the Risk and Control Self-Assessment (RCSA) to validate their design and operating effectiveness
Framework Implementation & Enhancement: Drive the implementation and continuous improvement of the IT Control Testing Framework across our European entities, ensuring alignment with global standards and local regulatory nuances
Control Library & Regulatory Watch: Proactively monitor the regulatory landscape and translate requirements from current and emerging technology regulations into tangible, testable controls. Key regulations include, but are not limited to:
Operational Resilience & Cybersecurity: DORA and FCA Operational Resilience rules (SYSC), intra-group and third party oversight controls
Data Privacy & Governance: GDPR, UK GDPR, and the EU Data Act
Emerging regulations: The EU AI Act, CTP
Advisory & Partnership: Partner with technology owners, developers, and project teams to provide proactive advice on control design and implementation for new systems, applications, and infrastructure changes
Issue Management & Reporting: Clearly document test results, manage findings in the Governance, Risk, and Compliance (GRC) platform, and collaborate with stakeholders to develop robust and timely remediation plans. Prepare clear, concise reports on the IT control posture for senior management and risk committees
Stakeholder Collaboration: Liaise effectively with First Line of Defence (business and IT), Global IT Controls testing team, and Third Line (Internal Audit) to ensure a coordinated and comprehensive approach to assurance activities
What It Takes
Essential Experience & Skills
Proven experience in IT Audit, IT Risk Management, or Technology Control Testing within the financial services or a similarly regulated industry
Strong practical knowledge of IT control frameworks, such as COBIT, NIST Cybersecurity Framework, and ITIL
Strong working knowledge of key regulations governing technology and data in financial services, such as Sarbanes-Oxley (SOX), GDPR, DPA and the DORA. Demonstrable understanding of the impact of major emerging regulations like the EU AI Act
Demonstrable experience testing controls across key IT domains, including cybersecurity, cloud environments (AWS/Azure), DevOps, change management, access management, and IT operations
Hands-on experience using GRC platforms (Archer) for control management and testing
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field
Desirable Skills
Professional certification such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control)
Direct experience in the asset management sector
Experience performing readiness assessments for new or upcoming regulations
Excellent communication skills, with the ability to articulate complex technical issues to both technical and non-technical audiences
Special Factors
Vanguard is not offering sponsorship for this position
This is a hybrid position and would require you to work in the office Tuesday-Thursday
Please note this role is open to candidates for both our Dublin and London locations
Why Vanguard?
Vanguard is a different kind of investment company. It was founded in the United States in 1975 on a simple but revolutionary idea: that an investment company should manage its funds solely in the interests of its clients.
This is a philosophy that has helped millions of people around the world to achieve their goals with low-cost, uncomplicated investments.
It's what we stand for: value to investors.
Inclusion Statement
Vanguard’s continued commitment to diversity and inclusion is firmly rooted in our culture. Every decision we make to best serve our clients, crew (internally employees are referred to as crew), and communities is guided by one simple statement: “Do the right thing.”
We believe that a critical aspect of doing the right thing requires building diverse, inclusive, and highly effective teams of individuals who are as unique as the clients they serve. We empower our crew to contribute their distinct strengths to achieving Vanguard’s core purpose through our values.
When all crew members feel valued and included, our ability to collaborate and innovate is amplified, and we are united in delivering on Vanguard's core purpose: to take a stand for all investors, to treat them fairly, and to give them the best chance for investment success.
Our commitment to equal employment opportunity
Vanguard is an equal opportunity employer. Vanguard is committed to providing all crew members a working environment that is free from discrimination, prejudice and bias. Through this Equal Employment Opportunity (EEO) Policy, Vanguard reaffirms its commitment to equal employment opportunity for all applicants and crew members without regard to race, color, national origin or ancestry, religion, gender, sex, sexual orientation, gender identity or expression, age, disability, marital status, veteran or military status. In addition, Vanguard prohibits discrimination based on genetic information, as well as any other characteristic protected by federal, state or local law.
Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Vanguard. Please inform careers@vanguard.com if you need assistance completing this application or to otherwise participate in the application process.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.