Senior Cloud Security Architect, IAM Cloud

Location: Malvern, PA, Charlotte, NC, Dallas/Ft. Worth, TX

Time Type: Full time

Job Description

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Core Responsibilities

• Define and evolve cloud IAM architecture across authentication, authorization, federation, and identity governance.
• Own and drive the enterprise cloud IAM strategy, including modern authentication, non‑human identities, and emerging AI use cases.
• Lead cloud security architecture reviews and influence engineering roadmaps toward secure, scalable outcomes.
• Design and implement cloud-native IAM patterns, including least privilege, policy‑as‑code, workload identity, conditional access, and service‑to‑service authentication.
• Establish and enforce IAM guardrails for Infrastructure as Code (IaC) using automated policy controls.
• Streamline secure access workflows through standardized roles, self‑service access, and efficient onboarding.
• Monitor and reduce identity-related risk (excessive permissions, misconfigurations, toxic access paths) and translate insights into architectural improvements.
• Define and align policy-driven privileged access controls across cloud platforms, applications, and CI/CD pipelines.
• Partner with cloud engineering, DevSecOps, security, and risk/compliance teams to ensure alignment with enterprise security and regulatory standards.

Qualifications

• 8+ years of experience in IAM, Cloud Security, Security Architecture, or related enterprise IT roles, including 3+ years as a technology/security architect
• Bachelor’s degree or equivalent combination of education and experience
• Experience leading technical initiatives (people or matrix leadership)
• Multi‑cloud IAM expertise (AWS, Azure, GCP, OCI)
• Background in regulated environments (financial services preferred) with exposure to SOX, SOC, GDPR, DORA
• Certifications preferred: CISSP (preferred), GSEC, CISM, CCSP, and/or cloud provider certifications

Special Factors

Sponsorship

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.