Director, Cybersecurity Program Management at Hyundai Capital America in Irvine, California

Job Description:

Description




Who We Are


Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.



We Take Care of Our People


Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:

• Medical, Dental and Vision plans that include no-cost and low-cost plan options

• Immediate 401(k) matching and vesting

• Vehicle purchase and lease discounts plus monthly vehicle allowances

• Paid Volunteer Time Off with company donation to a charity of your choice

• Tuition reimbursement



What to Expect


The Director, Cybersecurity Program Management will lead the design, development, implementation and management of the organization's cybersecurity strategy, governance, and risk management framework for the organization. This leadership role will ensure the organization's security posture aligns with business objectives, regulatory requirements, and emerging threat landscapes. This role will collaborate cross-functionally with executive leaders to articulate the impact of cybersecurity on the business and to establish strategic plans to improve and transform the organizational risk management framework.



What You Will Do


1. Strategic Planning and Leadership :

• Develop, implement, and manage comprehensive cybersecurity programs to safeguard HCA's company data, ensuring alignment with financial services industry regulations and business objectives.

• Oversee cybersecurity governance frameworks, policies, and incident response strategies.

• Lead and foster a culture of security awareness and training initiatives across the organization.

• Collaborate with executive leaders to articulate the impact of cybersecurity on the business and to develop long-term strategies to improve and transform the risk management framework.

2. Compliance :

• Ensure the organization's security policies, processes and technologies align with regulatory requirements and industry standards.

• Ensure adherence to laws and frameworks such as PCI-DSS, FFIEC, GLBA, SOX, NIST, and other relevant laws through regular cybersecurity compliance audits and risk assessments.

3. Governance:


• Ensure the organization's cybersecurity governance frameworks, policies and long-term strategies protect the organization's assets, align with regulatory requirements, and support business objectives.

4. Risk Management :

• Assess and mitigate security risks, ensuring a proactive approach to cyber threats and vulnerabilities.

• Ensure emerging cybersecurity trends and technologies, providing recommendations to enhance the security posture.

• Collaborate with IT, risk management, and compliance teams to ensure internal and third-party vendor cybersecurity practices meet regulatory requirements (e.g., PCI-DSS, FFIEC, GLBA, SOX, NIST) and manage security audits, risk assessments, and internal control evaluations.

5. Team Management and Development :

• Team Management: Lead, mentor, and develop teams fostering a culture of innovation and accountability.

• Cross-Functional Collaboration: Partner across business units to integrate cybersecurity transformation initiatives.

• Executive Communication: Present cybersecurity strategies, risks, and metrics to senior executives, translating technical concepts into business impacts.



Qualifications




What You Will Bring


• Minimum 10+ years progressive experience in cybersecurity governance, risk management, and compliance within financial services.

• Minimum 5 years in a leadership role.

• Bachelor's or Master's degree in Cybersecurity, Information Security, Risk Management, or a related field

• Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, and ITIL are highly desirable

• Strategic thought leader to develop and establish strategy and translate into functional plans to achieve organizational objectives.

• Strong knowledge of Information Security risk management frameworks, Governance, Risk, and Compliance process, IT general controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting)

• Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO. 31000:2009, ISO 27005:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).

• Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations.

• Strong understanding of financial regulatory frameworks and cybersecurity best practices.

• Excellent leadership and stakeholder management skills.

• Ability to communicate complex security concepts to business leaders and technical teams.



Work Environment


Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.


The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.


California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here . This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com .