Lead, Attack Surface Management

About The Position

Requirements

• 5+ years of experience in information security, with at least 3 years focused on cloud database security.
• Experience with Vulnerability management lifecycle best practices and tools used for compliance and vulnerability cloud monitoring (Wiz, Guardium, Cloud Native – AWS, Azure)
• Experience with standard frameworks, such as MITRE ATT&CK, CIS and NIST.
• Deep understanding of cloud platforms (AWS, Azure, GCP) and their database services.
• Experience with database security tools, encryption, access controls, and key management.
• Strong knowledge of regulatory and compliance frameworks relevant to data protection.
• Demonstrated leadership and team management skills.
• Excellent communication and stakeholder management abilities

Responsibilities

• Develop and execute a comprehensive cloud database security strategy aligned with organizational goals and compliance requirements.
• Lead the design and implementation of security controls for cloud-based databases. Develop and maintain cloud database security policies, procedures, and best practices in alignment with industry standards and regulatory requirements and compliance.
• Formalize the security requirements to evaluate, procure and operationalize a Cloud DB solution to support threat detection, vulnerabilities and configuration compliance
• Oversee the identification, assessment, and mitigation of security risks related to cloud data storage and access.
• Implement and manage monitoring, detection, and response processes for potential threats and vulnerabilities impacting cloud databases.
• Collaborate with DevOps, IT, and application teams to ensure secure cloud database deployments and configurations.
• Ensure compliance with relevant standards and regulations (e.g., GDPR, HIPAA, PCI DSS, SOC 2, SOX, ISO 27001, and others as required).
• Conduct regular vulnerability and configuration risk assessments on cloud database systems to assess effectiveness and support hardening efforts.
• Track, prioritize, and orchestrate remediation activities for any vulnerability and compliance issues identified in the platform, ensuring timely remediation.
• Implement policies for continuous monitoring and preventive controls.
• Maintain documentation and artifacts for compliance reporting and certifications.
• Collaborate with external partners, vendors, and auditors to ensure compliance with security standards and regulations.
• Responsible for continuous monitoring of cloud database attack surface and ensuring remediation governance via escalation to business and risk advisors.
• Support managers and Prudential leadership on new initiatives and opportunities to grow our security practices.
• Ensures proper communication of the program’s results, opportunities, and deficiencies, as needed.
• Responsible for review and approval of remediation deferment requests, escalation where appropriate

Benefits

• Market competitive base salaries, with a yearly bonus potential at every level .
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave .
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
• Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance.