Job Classification:
Technology - Information Security
Your Team As a Director, Information Security Governance in the Information Security Office, you will lead the strategy and day-to-day execution of the Information Security control and policy governance ecosystem. You will ensure the Information Security control library is complete, current, and usable, and that Information Security standards, procedures, and policies are effectively governed end-to-end. Reporting to the Vice President, Information Security GRC, you will work closely with Risk Management and key control stakeholders to define and maintain the Information Security control library (including taxonomy, mapping, narratives, and testing artifacts and scripts), and to ensure controls and requirements are integrated into the platforms and processes where teams plan, build, operate, and demonstrate compliance. You will partner across Technology, Risk, Compliance, and control owners to drive consistency, reduce duplication, and improve transparency, so that people can understand what is required, what control exists, who owns it, and how it is evidenced and tested.
Here is What You Can Expect on a Typical Day - Own the operating model for the Information Security control library (taxonomy, metadata, ownership, workflow, and quality gates) in partnership with Risk and key stakeholders.
- Map Information Security policies, standards, and procedures to the control library and maintain end-to-end traceability.
- Manage the full lifecycle for Information Security policies, standards, and procedures (intake, review, approvals, publication, exceptions/waivers alignment, periodic refresh, and retirement).
- Maintain the control inventory and generic control records in the GRC platform, including new control creation, narrative upkeep, and rationalization of duplicates.
- Develop and maintain control narratives that describe intent, design, operation, and evidence expectations for prioritized controls.
- Partner with Risk and assurance teams to define reusable test procedures and scripts, including standard evidence specs and opportunities for automation.
- Implement quality checks and periodic attestations (completeness, accuracy, mapping integrity, currency, and ownership) and drive remediation with control owners.
- Improve how requirements and controls are consumed: publish plain-language guidance, FAQs, and audience-specific views for engineers, operators, and leaders.
- Support framework alignment by validating mappings to industry frameworks (e.g., NIST SP 800-53) and recommending updates as needs and best practices evolve.
- Advise on control testing and RCSA maturation, including recommended KPIs/metrics, reporting, and combined assurance opportunities.
- Continuously improve governance processes, templates, and tooling to increase consistency, adoption, and auditability.
The Skills & Expertise You Bring - Bachelor's degree in Cybersecurity, Risk Management, Business, Accounting, Legal Studies, or related field (or equivalent experience)
- Experience building or operating a control library/control governance program in a regulated environment (financial services preferred), including rationalization, ownership models, traceability, and documentation standards
- Strong knowledge of information security governance and control frameworks (e.g., NIST 800-53, ISO 27001) and how to translate requirements into clear control expectations and evidence standards
- Program discipline: build repeatable processes, manage to SLAs, maintain clean trackers, and drive closure across multiple concurrent priorities
- Strong partnership skills with Legal, Compliance, Risk, Internal Audit, and technology teams, including navigating sensitive topics, driving approvals, and aligning to enterprise positions
- Excellent writing and editing skills; able to produce clear, durable governance artifacts (policies, standards, narratives, mappings, and test scripts) usable by practitioners and defensible under review
- Strong judgment and attention to detail; comfortable operating with ambiguity, deadlines, and high scrutiny while maintaining sound governance
- Ability to influence without authority, driving timely decisions and action from distributed owners
Core competencies:- Control Governance Mindset: ability to define what "good" looks like for a control library (clarity, completeness, consistency, traceability) and to implement quality gates that keep it audit-ready and operationally usable.
- Framework Translation: ability to translate external frameworks and internal requirements into coherent control objectives, mappings, and plain-language guidance that teams can implement consistently.
- Stakeholder Management and Influence: ability to coordinate across Risk, Compliance, Internal Audit, and technology/control owners, driving alignment, timely decisions, and follow-through without direct authority.
- Precision in Documentation: ability to create and maintain high-quality control narratives, evidence expectations, and test procedures that are consistent, current, and reusable across assurance activities.
- Operating Model Discipline: ability to build repeatable governance processes (intake, review/approval, publication, versioning, metrics) and continuously improve them to reduce friction and increase adoption.
- Preferred qualifications:
- Experience with financial services regulatory frameworks and expectations (e.g., NYDFS 23 NYCRR 500, FFIEC, SOC 1/2, ISO 27001), and translating requirements into evidence and narratives
- Experience improving control and policy governance through process standardization and GRC tooling (e.g., control libraries, mapping taxonomies, workflow/approvals, reporting) and driving measurable reductions in duplication and rework
- Relevant industry certifications: CISA, CISM, CISSP, etc.
You'll Love Working Here Because You Can Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we'll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You'll be surprised by what this rock-solid organization has in store for you.
What we offer you:Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $147,100.00 to $220,700.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
- Market competitive base salaries, with a yearly bonus potential at every level.
- Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
- 401(k) plan with company match (up to 4%).
- Company-funded pension plan.
- Wellness Programsincluding up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
- Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
- Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
- Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. To find out more about our Total Rewards package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.
