Lead, Identity & Access Management

Job Classification:
Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability, and efficiency? The Identity & Access Management team in Information Security Office (ISO) takes great pride in our culture where information security is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.

As Lead, Database & Mainframe Security in the Identity & Access Management team you will partner with product owners, tech leads, designers, engineers, and delivery professionals to improve Prudential's Identity Management platform. An important function is to ensure the Identity Management platform on the mainframe, and access controls for databases remains in compliance with the Information Security Standards and processes. You will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.

• Mentor and codify:
  Work with team members to review JCL, RACF resource design, and dataset protections; convert tribal knowledge into runbooks with prechecks, rollback steps, and post deployment verification.
• Reduce unplanned work:
  Triage requests (Service Now/ISAMS), drive root cause fixes (e.g., account ownership hygiene, exception profile cleanup), and feed learnings back into automation to lower ticket volume.
• Automate the repetitive:
  Build or refine REXX/Ansible playbooks that standardize RACF certificate tasks, profile updates, and evidence generation.
• Advance ISO IAM alignment:
  Translate enterprise IAM standards into concrete controls and monitoring. Document gaps; propose remediation steps (recertification runs, ownership cleanups, exception reviews).
• Partner with Database/platform teams to implement and validate role based access for DB2 on z/OS (and other strategic on-prem or Cloud databases), review privileged roles, use appropriate tools to monitor identity and access compliance.
• Operate with precision:
  Execute certificate renewals or migration integrated workflow; validate application connectivity (CICS regions, MQ channels, DB2 subsystems) and capture audit ready evidence.
• When change windows arise:
  Participate in well scripted changes-but continuously shrink manual effort and shorten windows through automation, better staging, and reusable validation scripts.
• Share knowledge:
  Lead short "tech huddles" to demonstrate a new playbook, PKI improvement, or monitoring enhancement-highlighting transferable security skills that apply across platforms (PKI/TLS, IAM lifecycle, zero trust controls, automation at scale).

• Bachelor of Computer Science or experience in identity security related field.
• Strong expertise with RACF (or CA Top Secret) at system level, identity lifecycle, resource protection, and global controls.
• PKI on z/OS:
  Expertise creating, importing, and managing certificates, keyrings, CAs, and trust chains; operational understanding of cert usage across DB2, CICS, MQ, TN3270, LDAP, z/OSMF.
• Comfortable with TSO/ISPF, JCL, SMF, JES; working knowledge of SMP/E and z/OSMF workflows for controlled changes.
• Proven scripting with REXX (and/or Ansible using z/OS collections); ability to turn runbooks into repeatable automated workflows (pre checks, execution, validation, rollback).
• Comfortable building small utilities (e.g., SMF parsers, RACF report generators) to standardize evidence and reduce manual toil.
• Experience designing or operating access controls for DB2 or similar RDBMS (e.g., Oracle, SQL Server, Postgre
  
  SQL) including role/privilege modeling, service account governance, and comfort collaborating with DBA/infra teams on least privilege enforcement.
• Practical knowledge of ISO IAM (or equivalent) and the skill to map standards to z/OS controls and monitoring.
• Hands on experience with access hygiene: dormant n, group/ownership transitions at scale, and recertification cycles; familiarity with Vanguard (or equivalent) reporting.
• Awareness of privileged operations across CA PAM/Auto Sys; ability to streamline password update/reset workflows and secure tables.
• Strong grasp of TLS/PKI, cryptography basics, and mainframe authentication paths; able to detect and mitigate risks arising from certificate, policy, or ownership misconfigurations.
• Change management discipline - designs safe, testable changes; documents guardrails; produces reliable audit grade evidence.
• Communicates clearly with non mainframe stakeholders, framing improvements in transferable security concepts (IAM lifecycle, least privilege, PKI automation, zero trust).
• Mindset that thrives here:
  You enjoy making "complex + critical" simpler and safer through automation.…