Job Classification:
Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.

Your Team & Role

As a Director, Vulnerability Management & Cloud Continuous Monitoring on the Attack Surface Management Team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other groups in Prudential to lead Prudential's Vulnerability Management and Cloud security efforts across the global enterprise.

• Management of requirements for scanning policies, coverage and lifecycle management processes for vulnerabilities and misconfigurations (Qualys, Wiz). This includes configuration-based assessments where automated detections are not available.
• Responsible for assuring completeness of external scanning environments, the assessments related to DMZ processes and approvals.
• Identification and monitoring of high-risk software, services and ports.
• Responsible for continuously monitoring threat intelligence and industry sources (NVD, EPSS, CISA, core vendors) for emerging risk and proactive response.
• Responsible for continuous monitoring of attack surface and ensuring remediation governance via escalation to business and risk advisors.
• Development and oversight for vulnerability management related tools, configuration policies, documentation and standard operating procedures and processes to ensure consistency in vulnerability management operations.
• Oversee the development of automation workflows in collaboration with the ASM Orchestration team.
• Own and manage the emergent vulnerability response playbook and risk assessment and triage processes.
• Partner with CTO organization to establish security standards, design requirements and build the roadmap to implement cloud security controls to ensure the secure deployment of cloud-based resources.
• Operationalize new processes for cloud and container continuous monitoring.
• Manage KRIs to monitor the risk and health of the VM program.
• Provide mentorship, training, and guidance for team members, including periodic reviews and individual development plans.
• Support managers and Prudential leadership on new initiatives and opportunities to grow our security practices.
• Ensures proper communication of the program's results, opportunities, and deficiencies, as needed, to Prudential upper management.
• Align findings for a centralized reporting capability for the enterprise.
• Perform security assessments and other duties as assigned.
• Manage the day-to-day Operations teamwork, while guiding and transferring knowledge to more junior team members. Guides teams through project work, team goals, and align resources to meet deadlines.
• Function as the escalation point for all Security Operations daily operational work as well as project work from more junior staff on the team
• Leverage Security Operations and tool/process specific knowledge to resolve complex technical/process/people problems the team faces.
• Leverage organizational and industry knowledge to bridge gaps between the Security Operations teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.
• Partner with leadership to set direction for the future of the VM and Cloud Security monitoring program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.
• Bring a deep understanding of relevant and emerging technologies, give technical direction to team members, and embed learning and innovation in the day-to-day Maintain a broad knowledge of innovative security principles and theory.
• Tracking, rating and ranking of highly critical vulnerabilities along with all coordination with business unit owners to ensure required adherence to SLAs.
• Responsible for review and approval of remediation deferment requests, escalation where appropriate

• Bachelor of Computer Science or Engineering or experience in related fields
• Demonstrated leadership and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization.
• Knowledge of security concepts tools and processes that are needed for making sound decisions and assessment of risk in the context of the company's business.
• Continually advance skills and knowledge on an on-going basis through self-initiative and tackling challenges and act as a mentor for the team to upskill.
• Excellent problem solving, communication and collaboration skills.

• Hands on experience with VM tools and tools used to determine risk and triage response activities.
• Advanced experience in the Information Security industry
• Experience using industry-standard vulnerability scanning and security tools (Qualys, Tenable, Wiz, NMAP, Cloud Native - AWS, Azure)
• Experience with standard frameworks, such as OWASP, MITRE ATT&CK, and NIST.
• In-Depth knowledge of threat intelligence frameworks & methodology that will help aid the response process.
• Proficient in scripting languages such as Python, PowerShell
• Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), Web Application Firewalls (WAFs) security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).

• CISSP
• Cloud (AWS, Azure, GCP, etc.) Certs
• Other Security Certifications beyond intro level

• Market competitive base salaries, with a yearly bonus potential at every level
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave
• Retirement plans:
• 401(k) plan with company match (up to 4%)
• Company-funded pension plan
• Wellness Programs to help you achieve your wellbeing goals, including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Tuition Assistance to help finance traditional college enrollment toward obtaining an approved degree, many accredited certificate programs, and industry designations.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.