Cloud Security Architect

Global Risk and Security (GR&S) at Vanguard enables business strategy, protects client and Vanguard interests (e.g., assets and data), and stewards a strong risk culture. Our teams leverage enterprise-wide insights, deep expertise, and trusted advice so that across Vanguard leaders and crew drive faster, stronger, risk-informed decisions.

Within GR&S, the Enterprise Security and Fraud (ES&F) sub-division is responsible for the global protection of Vanguard crew, property, data, and client assets. We are the trusted advisors that protect the pride of Vanguard with state-of-the-art security and fraud capabilities. We are a world-class destination of highly engaged, passionate, and diverse talent expected to continuously learn and develop in an ever-changing security landscape.

Our crew are our greatest resource – by joining our team you will build collaborative long-term relationships and enjoy a suite of benefits that includes comprehensive health and wellness care, work-life balance, and an investment in your future at its core.

Core Responsibilities

• Define and evolve cloud IAM architecture across authentication, authorization, federation, and identity governance.
• Own and drive the enterprise cloud IAM strategy, including modern authentication, non‑human identities, and emerging AI use cases.
• Lead cloud security architecture reviews and influence engineering roadmaps toward secure, scalable outcomes.
• Design and implement cloud-native IAM patterns, including least privilege, policy‑as‑code, workload identity, conditional access, and service‑to‑service authentication.

Searching for Devops roles that provide visa sponsorship? Connect with international employers through Devops Jobs with Visa Sponsorship opportunities actively seeking talented professionals.

• Establish and enforce IAM guardrails for Infrastructure as Code (IaC) using automated policy controls.
• Streamline secure access workflows through standardized roles, self‑service access, and efficient onboarding.
• Monitor and reduce identity-related risk (excessive permissions, misconfigurations, toxic access paths) and translate insights into architectural improvements.
• Define and align policy-driven privileged access controls across cloud platforms, applications, and CI/CD pipelines.
• Partner with cloud engineering, DevSecOps, security, and risk/compliance teams to ensure alignment with enterprise security and regulatory standards.
  
  
  

Qualifications

Explore our comprehensive directory of visa sponsorship jobs from employers worldwide who are ready to sponsor talented international professionals.

• 8+ years of experience in IAM, Cloud Security, Security Architecture, or related enterprise IT roles, including 3+ years as a technology/security architect
• Bachelor’s degree or equivalent combination of education and experience
• Experience leading technical initiatives (people or matrix leadership)
• Multi‑cloud IAM expertise (AWS, Azure, GCP, OCI)
• Background in regulated environments (financial services preferred) with exposure to SOX, SOC, GDPR, DORA
• Certifications preferred: CISSP (preferred), GSEC, CISM, CCSP, and/or cloud provider certifications
  
  
  

Special Factors

Sponsorship

Vanguard is offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.