Job Classification:

Are you interested in building capabilities that enable the organization with innovation speed agility scalability and efficiency The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential youll unlock an exciting and impactful career all while growing your skills and advancing your profession at one of the worlds leading financial services institutions.

Your Team
As a Director Information Security Governance in the Information Security Office you will lead the strategy and day-to-day execution of the Information Security control and policy governance ecosystem. You will ensure the Information Security control library is complete current and usable and that Information Security standards procedures and policies are effectively governed end-to-end. Reporting to the Vice President Information Security GRC you will work closely with Risk Management and key control stakeholders to define and maintain the Information Security control library (including taxonomy mapping narratives and testing artifacts and scripts) and to ensure controls and requirements are integrated into the platforms and processes where teams plan build operate and demonstrate compliance. You will partner across Technology Risk Compliance and control owners to drive consistency reduce duplication and improve transparency so that people can understand what is required what control exists who owns it and how it is evidenced and tested.

Here is What You Can Expect on a Typical Day

• Own the operating model for the Information Security control library (taxonomy metadata ownership workflow and quality gates) in partnership with Risk and key stakeholders.
• Map Information Security policies standards and procedures to the control library and maintain end-to-end traceability.
• Manage the full lifecycle for Information Security policies standards and procedures (intake review approvals publication exceptions/waivers alignment periodic refresh and retirement).
• Maintain the control inventory and generic control records in the GRC platform including new control creation narrative upkeep and rationalization of duplicates.
• Develop and maintain control narratives that describe intent design operation and evidence expectations for prioritized controls.
• Partner with Risk and assurance teams to define reusable test procedures and scripts including standard evidence specs and opportunities for automation.
• Implement quality checks and periodic attestations (completeness accuracy mapping integrity currency and ownership) and drive remediation with control owners.
• Improve how requirements and controls are consumed: publish plain-language guidance FAQs and audience-specific views for engineers operators and leaders.
• Support framework alignment by validating mappings to industry frameworks (e.g. NIST SP 800-53) and recommending updates as needs and best practices evolve.
• Advise on control testing and RCSA maturation including recommended KPIs/metrics reporting and combined assurance opportunities.
• Continuously improve governance processes templates and tooling to increase consistency adoption and auditability.

The Skills & Expertise You Bring

• Bachelors degree in Cybersecurity Risk Management Business Accounting Legal Studies or related field (or equivalent experience)
• Experience building or operating a control library/control governance program in a regulated environment (financial services preferred) including rationalization ownership models traceability and documentation standards
• Strong knowledge of information security governance and control frameworks (e.g. NIST 800-53 ISO 27001) and how to translate requirements into clear control expectations and evidence standards
• Program discipline: build repeatable processes manage to SLAs maintain clean trackers and drive closure across multiple concurrent priorities
• Strong partnership skills with Legal Compliance Risk Internal Audit and technology teams including navigating sensitive topics driving approvals and aligning to enterprise positions
• Excellent writing and editing skills; able to produce clear durable governance artifacts (policies standards narratives mappings and test scripts) usable by practitioners and defensible under review
• Strong judgment and attention to detail; comfortable operating with ambiguity deadlines and high scrutiny while maintaining sound governance
• Ability to influence without authority driving timely decisions and action from distributed owners

Core competencies:

• Control Governance Mindset: ability to define what good looks like for a control library (clarity completeness consistency traceability) and to implement quality gates that keep it audit-ready and operationally usable.
• Framework Translation: ability to translate external frameworks and internal requirements into coherent control objectives mappings and plain-language guidance that teams can implement consistently.
• Stakeholder Management and Influence: ability to coordinate across Risk Compliance Internal Audit and technology/control owners driving alignment timely decisions and follow-through without direct authority.
• Precision in Documentation: ability to create and maintain high-quality control narratives evidence expectations and test procedures that are consistent current and reusable across assurance activities.
• Operating Model Discipline: ability to build repeatable governance processes (intake review/approval publication versioning metrics) and continuously improve them to reduce friction and increase adoption.
• Preferred qualifications:

  • Experience with financial services regulatory frameworks and expectations (e.g. NYDFS 23 NYCRR 500 FFIEC SOC 1/2 ISO 27001) and translating requirements into evidence and narratives

  • Experience improving control and policy governance through process standardization and GRC tooling (e.g. control libraries mapping taxonomies workflow/approvals reporting) and driving measurable reductions in duplication and rework

  • Relevant industry certifications: CISA CISM CISSP etc.

Youll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day your work transforms our experiences to make lives better. As you put your skills to use well help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. Youll be surprised by what this rock-solid organization has in store for you.

What we offer you:

• Market competitive base salaries with a yearly bonus potential at every level.

• Medical dental vision life insurance disability insurance Paid Time Off (PTO) and leave of absences such as parental and military leave.

• 401(k) plan with company match (up to 4%).

• Company-funded pension plan.

• Wellness Programs including up to $1600 a year for reimbursement of items purchased to support personal wellbeing needs.

• Work/Life Resources to help support topics such as parenting housing senior care finances pets legal matters education emotional and mental health and career development.

• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.

• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period) after one year of service.

Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program whereby an award if any depends on various factors including without limitation individual and organizational performance. To find out more about our Total Rewards package visit Work Life Balance Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.