Sr. Information Security Risk Manager
Apply NowCompany: Hyundai Capital America
Location: Irvine, CA 92620
Description:
Description
Who We Are
Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.
We Take Care of Our People
Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:
Medical, Dental and Vision plans that include no-cost and low-cost plan options
Immediate 401(k) matching and vesting
Vehicle purchase and lease discounts plus monthly vehicle allowances
Paid Volunteer Time Off with company donation to a charity of your choice
Tuition reimbursement
What to Expect
The Sr. Information Security Risk Management Manager develops, manages, and supports internal/external risk management programs, risk assessments, vendor assessment programs, policy exceptions, and audit remediation execution to align InfoSec risk management activities with business objectives and risk tolerance. Identifies and mitigates potential risks through threat analysis, risk treatment planning, risk monitoring; and supports initiatives for HCA global standards and compliance.
What You Will Do
1. Vendor Risk Management
Develop and execute Information Security Vendor Risk Management Program.
Create and maintain policies and procedures.
Perform Vendor Risk Assessments (external).
Perform Vendor Risk Due Diligence Analysis and Vendor Risk Reporting.
Manage, implement, including the design, integration, and operational management of vendor risk management tool solutions.
2. Information Protection Risk Registry
Manage the tracking and reporting of Information Protection Risks Registry identified from IPD, IT, Business, and Internal Audit Controls.
Act as the Project Lead and collaborate with risk owners to develop remediation plans, track status, develop monthly management reports.
Maintain regular management reporting and update the risk status in the Information Protection Risk Register.
3. Cybersecurity Program Examinations
4. Lead the response to Cybersecurity program examinations and support regulatory (state and federal) initiatives to support the business.
5. Collaborate with Business and IT counterparts to support examination responses, ensure alignment with compliance and risk management.
6. Information Protection Projects/Initiatives
7. Support IPD functions including Information Security Risk Management projects, Governance, Risk, Compliance (GRC) Reviews, Audit Control Reviews, and other GSIF ISO27001 reviews to ensure compliance with Headquarters' Global Governance Policy.
Qualifications
What You Will Bring
Minimum 8 years progressive experience in Cyber Security Risk Management, Vendor Risk Management, IT General Control (ITGC) operations, governance, risk, auditing and compliance is required.
Must be proficient in Risk Management Planning, Governance, Risk and Compliance (GRC) Activities, Risk Management Frameworks, and proficient Literacy in Auditing, IT Systems, Open Systems Interconnection (OSI) Layer Model.
Bachelor's degree preferably in Computer Science, Information Security, IT, or other related area of study, or equivalent experience.
One of the following: CISSP, CISM, CISA, ITIL, or other related information security certification is required.
Strong knowledge of Information Security Risk Management Frameworks, Governance, Risk, and Compliance process, IT General Controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting).
Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000:2009, ISO 27005:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).
Demonstrated implementation skills using Cyber Security Governance, Risk, Compliance (GRC) Tools, Cyber Security, Vulnerability Assessment and Audit Test Tools.
Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation and other related regulatory requirements.
Proficient with business requirement development and policy documentation to execute risk management programs.
Excellent communication skills, problem solving, attention to detail, strong analytical skills, adapt quickly to change, project management skills, teamwork, ethical decision making and sound judgement.
Work Environment
Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.
The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.
California Privacy Notice
This notice only applies to our applicants who reside in the State of California.
The latest version of our Privacy Policy can be found here . This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").
If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com .
Who We Are
Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.
We Take Care of Our People
Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:
Medical, Dental and Vision plans that include no-cost and low-cost plan options
Immediate 401(k) matching and vesting
Vehicle purchase and lease discounts plus monthly vehicle allowances
Paid Volunteer Time Off with company donation to a charity of your choice
Tuition reimbursement
What to Expect
The Sr. Information Security Risk Management Manager develops, manages, and supports internal/external risk management programs, risk assessments, vendor assessment programs, policy exceptions, and audit remediation execution to align InfoSec risk management activities with business objectives and risk tolerance. Identifies and mitigates potential risks through threat analysis, risk treatment planning, risk monitoring; and supports initiatives for HCA global standards and compliance.
What You Will Do
1. Vendor Risk Management
Develop and execute Information Security Vendor Risk Management Program.
Create and maintain policies and procedures.
Perform Vendor Risk Assessments (external).
Perform Vendor Risk Due Diligence Analysis and Vendor Risk Reporting.
Manage, implement, including the design, integration, and operational management of vendor risk management tool solutions.
2. Information Protection Risk Registry
Manage the tracking and reporting of Information Protection Risks Registry identified from IPD, IT, Business, and Internal Audit Controls.
Act as the Project Lead and collaborate with risk owners to develop remediation plans, track status, develop monthly management reports.
Maintain regular management reporting and update the risk status in the Information Protection Risk Register.
3. Cybersecurity Program Examinations
4. Lead the response to Cybersecurity program examinations and support regulatory (state and federal) initiatives to support the business.
5. Collaborate with Business and IT counterparts to support examination responses, ensure alignment with compliance and risk management.
6. Information Protection Projects/Initiatives
7. Support IPD functions including Information Security Risk Management projects, Governance, Risk, Compliance (GRC) Reviews, Audit Control Reviews, and other GSIF ISO27001 reviews to ensure compliance with Headquarters' Global Governance Policy.
Qualifications
What You Will Bring
Minimum 8 years progressive experience in Cyber Security Risk Management, Vendor Risk Management, IT General Control (ITGC) operations, governance, risk, auditing and compliance is required.
Must be proficient in Risk Management Planning, Governance, Risk and Compliance (GRC) Activities, Risk Management Frameworks, and proficient Literacy in Auditing, IT Systems, Open Systems Interconnection (OSI) Layer Model.
Bachelor's degree preferably in Computer Science, Information Security, IT, or other related area of study, or equivalent experience.
One of the following: CISSP, CISM, CISA, ITIL, or other related information security certification is required.
Strong knowledge of Information Security Risk Management Frameworks, Governance, Risk, and Compliance process, IT General Controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting).
Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000:2009, ISO 27005:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).
Demonstrated implementation skills using Cyber Security Governance, Risk, Compliance (GRC) Tools, Cyber Security, Vulnerability Assessment and Audit Test Tools.
Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation and other related regulatory requirements.
Proficient with business requirement development and policy documentation to execute risk management programs.
Excellent communication skills, problem solving, attention to detail, strong analytical skills, adapt quickly to change, project management skills, teamwork, ethical decision making and sound judgement.
Work Environment
Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.
The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.
California Privacy Notice
This notice only applies to our applicants who reside in the State of California.
The latest version of our Privacy Policy can be found here . This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").
If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com .