Director, Information Security Governance

Job Classification: Technology - Information Security Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions. Your Team As a Director, Information Security Governance in the Information Security Office, you will lead the strategy and day-to-day execution of the Information Security control and policy governance ecosystem. You will ensure the Information Security control library is complete, current, and usable, and that Information Security standards, procedures, and policies are effectively governed end-to-end. Reporting to the Vice President, Information Security GRC, you will work closely with Risk Management and key control stakeholders to define and maintain the Information Security control library (including taxonomy, mapping, narratives, and testing artifacts and scripts), and to ensure controls and requirements are integrated into the platforms and processes where teams plan, build, operate, and demonstrate compliance. You will partner across Technology, Risk, Compliance, and control owners to drive consistency, reduce duplication, and improve transparency, so that people can understand what is required, what control exists, who owns it, and how it is evidenced and tested. Here is What You Can Expect on a Typical Day Own the operating model for the Information Security control library (taxonomy, metadata, ownership, workflow, and quality gates) in partnership with Risk and key stakeholders. Map Information Security policies, standards, and procedures to the control library and maintain end-to-end traceability. Manage the full lifecycle for Information Security policies, standards, and procedures (intake, review, approvals, publication, exceptions/waivers alignment, periodic refresh, and retirement). Maintain the control inventory and generic control records in the GRC platform, including new control creation, narrative upkeep, and rationalization of duplicates. Develop and maintain control narratives that describe intent, design, operation, and evidence expectations for prioritized controls. Partner with Risk and assurance teams to define reusable test procedures and scripts, including standard evidence specs and opportunities for automation. Implement quality checks and periodic attestations (completeness, accuracy, mapping integrity, currency, and ownership) and drive remediation with control owners. Improve how requirements and controls are consumed: publish plain-language guidance, FAQs, and audience-specific views for engineers, operators, and leaders. Support framework alignment by validating mappings to industry frameworks (e.g., NIST SP 800-53) and recommending updates as needs and best practices evolve. Advise on control testing and RCSA maturation, including recommended KPIs/metrics, reporting, and combined assurance opportunities. Continuously improve governance processes, templates, and tooling to increase consistency, adoption, and auditability. The Skills & Expertise You Bring Bachelor’s degree in Cybersecurity, Risk Management, Business, Accounting, Legal Studies, or related field (or equivalent experience) Experience building or operating a control library/control governance program in a regulated environment (financial services preferred), including rationalization, ownership models, traceability, and documentation standards Strong knowledge of information security governance and control frameworks (e.g., NIST 800-53, ISO 27001) and how to translate requirements into clear control expectations and evidence standards Program discipline: build repeatable processes, manage to SLAs, maintain clean trackers, and drive closure across multiple concurrent priorities Strong partnership skills with Legal, Compliance, Risk, Internal Audit, and technology teams, including navigating sensitive topics, driving approvals, and aligning to enterprise positions Excellent writing and editing skills; able to produce clear, durable governance artifacts (policies, standards, narratives, mappings, and test scripts) usable by practitioners and defensible under review Strong judgment and attention to detail; comfortable operating with ambiguity, deadlines, and high scrutiny while maintaining sound governance Ability to influence without authority, driving timely decisions and action from distributed owners Core competencies: Control Governance Mindset: ability to define what “good” looks like for a control library (clarity, completeness, consistency, traceability) and to implement quality gates that keep it audit-ready and operationally usable. Framework Translation: ability to translate external frameworks and internal requirements into coherent control objectives, mappings, and plain-language guidance that teams can implement consistently. Stakeholder Management and Influence: ability to coordinate across Risk, Compliance, Internal Audit, and technology/control owners, driving alignment, timely decisions, and follow-through without direct authority. Precision in Documentation: ability to create and maintain high-quality control narratives, evidence expectations, and test procedures that are consistent, current, and reusable across assurance activities. Operating Model Discipline: ability to build repeatable governance processes (intake, review/approval, publication, versioning, metrics) and continuously improve them to reduce friction and increase adoption. Preferred qualifications: Experience with financial services regulatory frameworks and expectations (e.g., NYDFS 23 NYCRR 500, FFIEC, SOC 1/2, ISO 27001), and translating requirements into evidence and narratives Experience improving control and policy governance through process standardization and GRC tooling (e.g., control libraries, mapping taxonomies, workflow/approvals, reporting) and driving measurable reductions in duplication and rework Relevant industry certifications: CISA, CISM, CISSP, etc. You’ll Love Working Here Because You Can Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you. What we offer you: Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $147,100.00 to $220,700.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills. Market competitive base salaries, with a yearly bonus potential at every level. Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave. 401(k) plan with company match (up to 4%). Company-funded pension plan. Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs. Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development. Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs. Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. To find out more about our Total Rewards package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week. Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom. Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law. If you need an accommodation to complete the application process, please email View email address on click.appcast.io. If you are experiencing a technical issue with your application or an assessment, please email View email address on click.appcast.io to request assistance. Prudential Financial, Inc. (NYSE: PRU), a global financial services leader and premier active global investment manager with approximately $1.4 trillion in assets under management as of Dec. 31, 2023, has operations in the United States, Asia, Europe, and Latin America. Prudential’s diverse and talented employees help make lives better and create financial opportunity for more people by expanding access to investing, insurance, and retirement security. Prudential’s iconic Rock symbol has stood for strength, stability, expertise and innovation for 150 years. For more information please visit news.prudential.com. Our Commitment to an Inclusive Workplace Prudential Financial, Inc. serves its customers in more than 40 countries and territories, and we seek talented, creative individuals from a variety of backgrounds, worldviews, and life circumstances to work with us. We are focused on creating a fully inclusive culture, where all employees feel comfortable bringing their authentic selves to work. We don’t just accept difference—we celebrate it, support it, and thrive on it. At Prudential, employees have a unique opportunity to build their career path by owning their development, their career, and their future. We encourage employees to hone their skills and explore continued opportunities within Prudential. PGIM, the global asset management business of Prudential Financial, Inc. (NYSE: PRU), is a global investment manager with US $1.3 trillion in assets under management as of Dec. 31, 2023. With offices in 18 countries, PGIM’s businesses offer a range of investment solutions for retail and institutional investors around the world across a broad range of asset classes, including public fixed income, private fixed income, fundamental equity, quantitative equity, real estate, and alternatives. For more information about PGIM, visit pgim.com. Prudential Financial, Inc. (PFI) of the United States is not affiliated in any manner with Prudential plc, incorporated in the United Kingdom, or with Prudential Assurance Company, a subsidiary of M&G plc, incorporated in the United Kingdom. For more information please visit news.prudential.com. PGIM Inc. (PGIM) is the principal asset management business of Prudential Financial, Inc. (PFI), a company incorporated and with its principal place of business in the United States. PFI of the United States is not affiliated in any manner with Prudential plc, incorporated in the United Kingdom or with Prudential Assurance Company, a subsidiary of M&G plc, incorporated in the United Kingdom. Our Commitment to an Inclusive Workplace Prudential Financial, Inc. serves its customers in more than 40 countries and territories, and we seek talented, creative individuals from a variety of backgrounds, worldviews, and life circumstances to work with us. We are focused on creating a fully inclusive culture, where all employees feel comfortable bringing their authentic selves to work. We don’t just accept difference—we celebrate it, support it, and thrive on it. At Prudential, employees have a unique opportunity to build their career path by owning their development, their career, and their future. We encourage employees to hone their skills and explore continued opportunities within Prudential.