"Alerted.org

Integrated Risk Management Head of Department (HOD)

Location – Irvine, CA

Company Overview

Hyundai AutoEver America (HAEA) , the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.

HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.

At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.

If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.

What You Will Be Doing

The Integrated Risk Management (IRM) Head of Department is a senior leadership role responsible for maintaining and leading the governance, risk, and compliance (GRC) functions that enable the effective management of information security risk across the enterprise and business units. This leader will update and operationalize a cohesive IRM strategy that aligns with corporate and business unit objectives, regulatory requirements, and global business operations.

This role partners closely with Information Security leadership, business units, and corporate functions to ensure that risk management and compliance activities are integrated, transparent, and actionable across the organization. The key responsibilities of this role are as described below:

Governance, Risk and Compliance (GRC)

+ Oversee the enterprise-wide risk management lifecycle, including risk assessments, risk issue management, and risk exception management processes.

+ Develop, update and maintain frameworks for identifying, assessing, mitigating, and monitoring security and operational risks.

+ Ensure that risk posture and metrics are accurately reported to executive leadership, governance committees, business units and fellow heads of department.

Compliance Management

+ Lead the Information Security compliance program, ensuring alignment with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, NIST, etc).

+ Coordinate and manage internal and external audits, assessments, and attestations.

+ Partner with Legal, Privacy, and other control functions to ensure consistent and effective control implementation and testing.

Third-Party Risk Management

+ Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.

+ Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.

Policy and Standards Management

+ Oversee the maintenance and governance of information security policies, standards, and procedures.

+ Ensure policies reflect best practices, regulatory expectations, and evolving threat landscapes.

+ Establish governance forums for policy exceptions and periodic reviews.

+ Ensure adoption of relevant policies and standards across business units.

Training and Awareness

+ Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.

+ Develop metrics and campaigns to measure awareness effectiveness and employee engagement.

Leadership and Strategy

+ Serve as a trusted advisor to the CISO and executive management, providing insights on risk posture, compliance maturity, and control effectiveness.

+ Build and lead a high-performing, GRC team across North America.

+ Lead the maintenance, and continuous evolution of the GRC platform to meet enterprise and business unit needs.

+ Drive continuous improvement through automation, data-driven decision-making, and integration of IRM technologies and platforms.

Qualifications and Experience

+ 15–20 years of progressive experience in Information Security and GRC.

+ Proven track record managing global risk and compliance programs in complex, multinational organizations.

+ Familiarity with ISO 27001, NIST CSF, SOC2 Type II or similar security and risk management frameworks.

+ Experience leading audits, certifications, and regulatory assessments.

+ Strong stakeholder management and communication skills, with the ability to influence across all organizational levels and business units.

+ Bachelor’s degree in Information Security, Risk Management, or related field.

Preferred Qualifications:

+ Education and Certifications : Masters degree in Cybersecurity, Risk Management or Business Administration is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor) preferred.

+ Framework Experience : Deep understanding of risk management frameworks (NIST, ISO 31000, COSO), security standards (ISO 27001, NIST CSF), and regulatory requirements (GDPR, PCI DSS, etc.) is preferred.

+ Language Skills : Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

+ Client-Facing Experience : Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.

Base Salary Range: $181,24 - $259,160

Powered by JazzHR