Vanguard
Governance, Risk & Compliance Assurance Analyst

EU Enterprise Security & Fraud (ES&F) GRC Specialist
About the Role
The EU Enterprise Security & Fraud (ES&F) GRC Specialist will provide specialist governance, risk, and compliance (GRC) expertise to support the effective operation of ES&F control and oversight activities across cyber, fraud, and identity and access management (IAM) security architecture risk domains within the European business.
The role is accountable for supporting the implementation, embedding, and continuous enhancement of GRC frameworks, policies, standards, and controls, ensuring alignment with:
- Applicable regulatory obligations
- Enterprise risk appetite
- Internal governance requirements
The position will support first-line risk identification, assessment, control execution, evidence management, and remediation activities, contributing to:
- Risk-informed decision-making
- Operational resilience
- Demonstrable compliance with relevant regulatory and internal control expectations
Key Responsibilities
In this role, you will:
- Support the design, implementation, and ongoing operation of EU ES&F Governance, Risk and Compliance (GRC) processes across:
  - Cybersecurity
  - Fraud risk
  - Technology risk domains
  Ensuring alignment with enterprise standards and evolving European regulatory requirements
- Enable and promote first-line ownership of:
  - Risks
  - Issues
  - Controls
  - Remediation activities
  Ensuring they are effectively identified, documented, managed, escalated, and reported through established governance frameworks
- Contribute to the development and maintenance of:
  - Robust governance structures
  - Clearly defined accountabilities
  - Effective decision-making processes within first line of defence
- Monitor and report on:
  - Key risk indicators (KRIs)
  - Control effectiveness
  - Risk exposure
  - Remediation progress
  Providing meaningful insights and recommendations to governance forums and stakeholders
- Translate regulatory, policy, and risk management requirements into:
  - Practical guidance
  - Procedures
  - Operational actions
  Supporting business objectives while maintaining compliance
- Support the full control lifecycle:
  - Control design
  - Implementation
  - Operation
  - Evidence collection
  - Performance monitoring
  - Continuous improvement initiatives
- Lead:
  - Risk and Control Self-Assessments (RCSAs)
  - Evidence-gathering activities
  - Assurance readiness efforts across EU ES&F domains
  Helping to strengthen the overall control environment
- Proactively identify and address:
  - Control gaps
  - Operational vulnerabilities
  - Opportunities for enhancement
  Driving remediation activities through to successful closure
- Act as a key coordinator for:
  - Internal audits
  - External audits
  - Regulatory reviews
  - Independent assurance engagements
  Managing:
  - Evidence collection
  - Stakeholder responses
  - Remediation tracking
- Contribute to the ongoing development and enhancement of:
  - Resilience
  - Contingency planning
  - Incident response arrangements
  From a first-line GRC perspective
- Support strategic initiatives, transformation programmes, and special projects, including additional responsibilities as required
What It Takes
Required Experience & Qualifications
- Proven experience working within:
  - Governance, Risk, and Compliance (GRC) frameworks
  - Governance structures
  - Risk management disciplines
- A professional certification such as:
  - CISM (Certified Information Security Manager)
  - CRISC (Certified in Risk and Information Systems Control)
  - CISSP (Certified Information Systems Security Professional)
  - CISA (Certified Information Systems Auditor)
- Proven experience within:
  - Financial services or another highly regulated environment
- Strong understanding of:
  - Cyber security
  - Fraud risk management
  - Technology risk management principles
- Working knowledge of:
  - Key regulatory frameworks (e.g., DORA, FCA requirements, NIST, ISO standards)
- Experience supporting:
  - Regulatory engagements
  - Internal and external audits
  - Assurance reviews
- Ability to deliver:
  - Effective challenge
  - Oversight
  - Independent thinking
  Within a complex organisational and intra-group environment


Key Skills
- Excellent analytical, problem-solving, and risk assessment skills
- Ability to interpret complex information and drive informed decision-making
Special Factors
- Vanguard is not offering visa sponsorship for this position
- This is a hybrid role, requiring 3 days in the office per week (Tuesday, Wednesday & Thursday)
Why Join Vanguard?
Our Purpose
Vanguard was founded in 1975 with a simple yet revolutionary idea: "An investment company should manage its funds solely in the interests of its clients."
Today, this philosophy continues to guide us:
- Help millions of people worldwide achieve their financial goals through low-cost, uncomplicated investments
- Uphold our core value: Value to Investors
Our Culture
Diversity and inclusion are central to who we are. Our commitment is reflected in our guiding statement: "Do the right thing."
We believe that:
- Building diverse, inclusive, and highly effective teams enhances our ability to serve our clients
- Empowering the crew (our internal term for employees) to leverage their unique strengths fosters collaboration and innovation
- When the crew feel valued and included, Vanguard’s resolve to "stand for all investors, treat them fairly, and give them the best chance for investment success" is best realised.
How We Work
Vanguard’s hybrid working model has been designed to:
- Maximise flexibility while retaining the benefits of collaboration
- Support in-person learning, teamwork, and connection
- Enable our cultures of mission-driven engagement and long-term client focus
- Foster a truly collaborative, enriching work environment that delivers both professional growth and personal satisfaction