PHI Lead- Tech Risk

Prudentials purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured for our people customers and partners. We provide a platform for our people to do their best work and make an impact to the business and we support our peoples career ambitions. We pledge to make Prudential a place where you can Connect Grow and Succeed.

About the Job

Prudentials purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assuredfor our people customers and partners. We provide a platform for our people to do their best work and make an impact to the business and we support our peoples career ambitions. We pledge to make Prudential a place where you can Connect Grow and Succeed.

AtPrudential Health India (PHI) we are on a mission to make Indians healthier while bridging the health protection gap. This is a Zero-to-One team undertaking a greenfield health insurance deployment in India committed to building journeys that truly empathise with the customer and offer a differentiated bespoke experience.

To partner us in this mission we are looking for a talented candidate for the role of

Tech Risk Lead

Note:The title will depend on (1) Experience (2) Expertise and (3) Performance. So the title could be:

• Tech Risk Lead
• Senior Tech Risk Lead
• (Associate Director) Technology Risk

People Manager Role

Experience:1018 years
Location:Mumbai
Work Mode:Work from office only

Job Profile Summary

The Tech Risk Lead will be responsible for establishing and leading the technology Risk function at PHI ensuring compliance with internal policies regulatory frameworks (IRDAI GDPR HIPAA) and global Prudential standards. This role will oversee Risk trails vulnerability management and risk mitigation across PHIs cloud-native infrastructure and applications.

Job Description

• Develop and implement a comprehensive technology Risk strategy and annual Risk plan aligned with PHIs business and regulatory requirements.
• Conduct risk-based Risks across infrastructure applications data platforms and security controls.
• Ensure complete and tamper-proofRisk trailsof user activities data changes and system events.
• Collaborate with InfoSec DevSecOps and AppSec teams to validate remediation of vulnerabilities and ensure patch compliance.
• Leadprivacy impact assessmentspenetration testing reviews andsecurity onboardingfor new applications.
• Monitor and report on the implementation of Risk recommendations and track remediation progress.
• Maintain documentation and Risk logs in accordance with professional standards and Prudential Group policies.
• Support investigations into technology-related incidents control breaches or compliance failures.
• Present Risk findings and risk assessments to senior leadership and the Risk Committee.
• Stay updated on emerging risks regulatory changes and best practices in technology Risk and governance.
• Develop and maintain risk registers and mitigation plans.
• Monitor emerging risks (cloud AI third-party integrations).
• Collaborate with architecture and security teams to embed controls.
• Support risk reporting and governance forums.
• Conduct impact analysis and scenario modelling.
• Align risk controls with Prudential Group standards and regulatory expectations.
• Work with product and engineering teams to ensure risk-aware design and delivery.
• Maintain risk dashboards metrics and control effectiveness reports.

Security & Compliance Technologies

• Implement and RiskSASTDAST andSCAscanning tools and processes.
• Ensure secure integration of CI/CD pipelines usingCheckmarxGitHubGitHub ActionsHashiCorp Vault andAzure AD.
• Oversee onboarding and compliance ofWAF (Web Application Firewall)solutions includingImperva API SecurityandDDoS/WAAP protection.
• Validate controls forprivileged access managementusing tools likeCyberArk.
• Ensure compliance withdata classificationencryption standards andendpoint protectionpolicies.

Who We Are Looking For

Technical Skills & Work Experience

• Bachelors in Engineering Computer Science or equivalent; certifications in CISA CISSP or ISO 27001 are a plus.
• 1018 years of experience in technology Risk risk management or compliance preferably in insurance or financial services.
• Strong understanding ofGCPCI/CD pipelinesDevSecOps andinfrastructure as code.
• Experience with tools such asCheckmarxGitHubAzure ADHashiCorp VaultCyberArk andImperva.
• Familiarity withSQL and NoSQL databases encryption standards and data classification frameworks.
• Proven ability to lead cross-functional Risk engagements and manage stakeholder expectations.
• Familiarity with enterprise risk frameworks (COSO NIST).
• Experience in risk modelling and impact analysis.
• Exposure to cloud risk data privacy and third-party risk domains.
• Understanding of DevSecOps and secure SDLC practices.
• Experience with risk tooling and control libraries.

Personal Traits

• Strategic thinker with strong analytical and investigative skills.
• High integrity and ethical standards.
• Excellent communication and presentation skills.
• Ability to work independently and manage multiple concurrent Risks.
• Strong attention to detail and documentation discipline.

What Can Make You Extra Special

• Experience in setting up Risk functions in greenfield environments.
• Exposure to IRDAI Risks and regulatory inspections.
• Familiarity with centralised vulnerability dashboards and build breaker enforcement.
• Experience with public-facing application security DDoS/WAAP onboarding and penetration testing workflows.

Language

Fluent written and spoken English

Equal Opportunity Statement

Prudential is an equal opportunity employer. We provide equality of opportunity and benefits for all who apply and perform work for our organisation irrespective of sex race age ethnic origin educational social and cultural background marital status pregnancy and maternity religion or belief disability part-time/fixed-term work or any other status protected by applicable law.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex race age ethnic origin educational social and cultural background marital status pregnancy and maternity religion or belief disability or part-time / fixed-term work or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.