Manager, Cyber Threat Management - Pentesting

Manages an application security penetration testing team, ensuring alignment with organizational policies, regulatory requirements, and secure development practices. Oversees the planning, execution, and documentation of application-focused security assessments, while coordinating with stakeholders to ensure timely remediation and reporting. Provides leadership in process development, compliance tracking, and audit readiness. Maintains awareness of emerging threats and regulatory changes to inform team priorities and improve testing governance.

• This hybrid role can be based in Charlotte, NC, Dallas, TX, or Malvern, PA (HQ)

Leads, hires, and develops a team of application security penetration testers , setting clear performance expectations, providing coaching and feedback, and supporting career development in alignment with organizational goals and HR policies.

Oversees the planning, scheduling, and reporting of application security assessments , ensuring testing activities are aligned with compliance requirements, internal policies, and secure development standards.

Manages team workflows, tools, and documentation processes to ensure consistent execution of penetration testing activities and effective tracking of findings, remediation efforts, and audit readiness.

Drives continuous improvement of testing governance , including the development and maintenance of standard operating procedures, metrics, and quality assurance practices.

Monitors regulatory and industry developments related to application security and integrates relevant changes into team processes, ensuring ongoing compliance with applicable standards (e.g., PCI-DSS, SOX, ISO 27001).

Coordinates with internal stakeholders , including development, risk, and compliance teams, to ensure timely communication of findings and alignment on remediation priorities.

Supports enterprise-wide security initiatives and projects by representing the penetration testing function in cross-functional working groups and providing input on secure development practices.

Participates in special projects and performs other duties as assigned , including support for audits, assessments, and executive reporting.

Qualifications

Minimum of five years of experience in application security or related field, with at least three years in a leadership or management role.

Experience managing or coordinating penetration testing or secure code review programs preferred.

Strong understanding of compliance frameworks and secure development lifecycle (SDLC) practices.

Undergraduate degree in a related field or equivalent combination of education and experience required; graduate degree preferred.

Industry certifications such as CISSP, CISM, or CRISC are a plus; must obtain CISSP within one year of hire.

Strong understanding of Pentesting tools,

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a missionwe're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.