Director, Information Security Governance

About the role

Job Classification: Technology - Information Security Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions. Your Team As a Director, Information Security Governance in the Information Security Office, you will lead the strategy and day-to-day execution of the Information Security control and policy governance ecosystem. You will ensure the Information Security control library is complete, current, and usable, and that Information Security standards, procedures, and policies are effectively governed end-to-end. Reporting to the Vice President, Information Security GRC, you will work closely with Risk Management and key control stakeholders to define and maintain the Information Security control library (including taxonomy, mapping, narratives, and testing artifacts and scripts), and to ensure controls and requirements are integrated into the platforms and processes where teams plan, build, operate, and demonstrate compliance. You will partner across Technology, Risk, Compliance, and control owners to drive consistency, reduce duplication, and improve transparency, so that people can understand what is required, what control exists, who owns it, and how it is evidenced and tested. Here is What You Can Expect on a Typical Day Own the operating model for the Information Security control library (taxonomy, metadata, ownership, workflow, and quality gates) in partnership with Risk and key stakeholders. Map Information Security policies, standards, and procedures to the control library and maintain end-to-end traceability. Manage the full lifecycle for Information Security policies, standards, and procedures (intake, review, approvals, publication, exceptions/waivers alignment, periodic refresh, and retirement). Maintain the control inventory and generic control records in the GRC platform, including new control creation, narrative upkeep, and rationalization of duplicates. Develop and maintain control narratives that describe intent, design, operation, and evidence expectations for prioritized controls. Partner with Risk and assurance teams to define reusable test procedures and scripts, including standard evidence specs and opportunities for automation. Implement quality checks and periodic attestations (completeness, accuracy, mapping integrity, currency, and ownership) and drive remediation with control owners. Improve how requirements and controls are consumed: publish plain-language guidance, FAQs, and audience-specific views for engineers, operators, and leaders. Support framework alignment by validating mappings to industry frameworks (e.g., NIST SP 800-53) and recommending updates as needs and best practices evolve. Advise on control testing and RCSA maturation, including recommended KPIs/metrics, reporting, and combined assurance opportunities. Continuously improve governance processes, templates, and tooling to increase consistency, adoption, and auditability. The Skills & Expertise You Bring Bachelor's degree in Cybersecurity, Risk Management, Business, Accounting, Legal Studies, or related field (or equivalent experience) Experience building or operating a control library/control governance program in a regulated environment (financial services preferred), including rationalization, ownership models, traceability, and documentation standards Strong knowledge of information security governance and control frameworks (e.g., NIST 800-53, ISO 27001) and how to translate requirements into clear control expectations and evidence standards Program discipline: build repeatable processes, manage to SLAs, maintain clean trackers, and drive closure across multiple concurrent priorities Strong partnership skills with Legal, Compliance, Risk, Internal Audit, and technology teams, including navigating sensitive topics, driving approvals, and aligning to enterprise positions Excellent writing and editing skills; able to produce clear, durable governance artifacts (policies, standards, narratives, mappings, and test scripts) usable by practitioners and defensible under review Strong judgment and attention to detail; comfortable operating with ambiguity, deadlines, and high scrutiny while maintaining sound governance Ability to influence without authority, driving timely decisions and action from distributed owners Core competencies: Control Governance Mindset: ability to define what "good" looks like for a control library (clarity, completeness, consistency, traceability) and to implement quality gates that keep it audit-ready and operationally usable. Framework Translation: ability to translate external frame