Sr. Cybersecurity Risk Manager

Overview

Join to apply for the Sr. Cybersecurity Risk Manager role at Hyundai Capital America
.

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach.

We believe that success comes from within and are proud to support our team members through skill development and career advancement.

Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.

• Medical, Dental and Vision plans that include no-cost and low-cost plan options
• Immediate 401(k) matching and vesting
• Vehicle purchase and lease discounts plus monthly vehicle allowances
• Paid Volunteer Time Off with company donation to a charity of your choice
• Tuition reimbursement

The Sr. Cybersecurity Risk Manager requires a deep understanding of security risk management and the evolving threat landscape, ensuring the internal security risk strategy is resilient and forward-thinking to oversee the security risk posture internally, proactively identifying, assessing, and mitigating risks that could impact business operations, financial stability, and regulatory compliance. In addition, this role may assist the development of vendors/partners security risk evaluation to ensure alignment with our cybersecurity policies, regulatory requirements, and risk mitigation strategies.

• Develop and execute internal security risk assessments, threat modeling, and impact analyses to identify vulnerabilities across internal leveraged solutions, systems, applications, and processes including guiding and supporting team to ensure effective collaboration for assigned projects and work efforts.
• Develop, execute and enhance a cybersecurity risk management framework aligned with business objectives and regulatory requirements.
• Establish and maintain security risk metrics by tracking Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), along with reporting mechanisms to communicate cybersecurity effectiveness and provide actionable insights to executives and stakeholders.
• Manage governance around internal cybersecurity risks, ensuring compliance with internal security policies and regulatory requirements.

• Minimum 8 years progressive experience in cybersecurity governance, risk management, or compliance with a deep understanding of security risk management, system development life cycle (SDLC), and the evolving threat landscape ensuring the internal security risk strategy is resilient and forward-thinking.
• Financial services industry preferred.
• Bachelor’s degree in finance, business or related discipline.
• Certifications such as CISSP, CISM, CRISC, CGEIT, and ITIL are highly desirable.
• Strong knowledge of Information Security risk management frameworks, Governance, Risk, and Compliance process, IT general controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting)
• Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO , ISO ; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 53, 150, 161)
• Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations
• Strong understanding of financial regulatory frameworks and cybersecurity best practices.
• Intermediate skills with Microsoft Office Suite, including Word, Excel and PowerPoint.
• Ability to communicate complex security concepts to business leaders and technical teams.
• Proven ability to assess risk, interpret security findings, and provide strategic guidance.
• Exceptional attention to detail and quality.
• Ability to work autonomously and in a team environment.
• Excellent verbal and written communication, including presentation skills.
• Excellent interpersonal skills to successfully collaborate with cross functional departments.
• Strong orientation toward results coupled with reputation for integrity, creativity and good judgment.
• Must have the ability to challenge, when appropriate, existing practices.

Employees in this class are subject to extended periods of sitting,…