Job Description

Prudential\'s purpose is to help people get the most out of life. We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people\'s career ambitions. We pledge to make Prudential a place where you can Connect, Grow and Succeed.

Job Purpose

The Senior Manager, Security Management & Engagement, is responsible for ensuring the adequate protection of the confidentiality, integrity and availability of business information assets against latest threats and vulnerabilities as well as ensuring ongoing adherence to Group, Regional and country regulations and policies with respect to information security and privacy.

Essential Job Duties & Responsibilities

• Coaches and provides sound information security direction, advice and consultation
• Facilitates assessments over information security management controls and third-party assessments.
• Facilitates implementation of appropriate access using knowledge of business roles and assists management with performing regular access certifications.
• Proactively engages the businesses to identify, document and drive remediation of risks by working with the business to design, implement or otherwise improve control activities to achieve Information Security objectives.
• Leads data protection program within each of the business units assigned, including unstructured data classification activities.
• Participates in the identification of Information Security Training and Awareness needs assessment on a regular basis and supports implementation of Information Security training and awareness plan and associated activities.
• Ensures stakeholders understand the state of the controls they are accountable for and understand their responsibilities as to risk mitigation and remediation.
• Provides direction on process improvements, remediating control gaps, and enhancing current tools for strengthening the overall information security control posture.
• Advises the business on security policies and standards to achieve security objectives and reduce the likelihood and impact of security risks.
• Plans and coordinates Information Security projects and initiatives within the business according to established plans and timelines.
• Works to ensure monitoring and tracking of country, state and federal regulations pertinent to information security and privacy within the assigned business area(s).
• Liaises and facilitates internal audit, external audit, investigation and compliance review of security activities employed by the business.
• Coordinates the understanding and reporting on the overall information security risk posture of the business unit, providing a holistic view of vulnerabilities and associated risks to the business and Information Security.

Knowledge, Skills & Abilities

• Communication - Able to work and spread positive "security awareness and control due-diligence" influence with people from various level of the organization effectively.
• Technical Depth - Technically competent to be able to translate information security topics, initiatives / program into something that is digestible for stakeholders outside of information security community.
• Technical Breadth - Display subject matter experience in diverse information security and Privacy areas (e.g. application security, Cloud security, Vulnerability Management, agile lifecycle management, DevSecOps, etc)
• Know your Business - Strong business acumen within the insurance / financial services industry and related operational fields.
• Controls Framework - Knowledge of industry control framework, best practise, laws (e.g. GDPR, countries privacy laws, etc) and regulatory landscape
• Risk Management - Able to provide information security advises and opinions that continuously strike the right balance between controls enforcement, risk appetite and nett risk exposure.

Education and Experience

• 5+ years experiences in privacy, security, or related data protection fields.
• Bachelors degree or equivalent professional experience required.
• Legal and/or financial services background/experience preferred.
• Other Privacy Certifications such as CIPP/M or CIPT preferred.

• Certified Information Security Professional (CISSP), or other related certifications (e.g. CISM, CISA) preferred.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with special requirements.