• Security Strategy and Risk Management HOD

    Hyundai Autoever America (Irvine, CA)


    Company Overview

     

    Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.

     

    HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.

     

    At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.

     

    If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.

     

    Role Overview

     

    The Security Strategy and Risk Management Head of Department is a senior leadership role accountable for driving the unified governance, risk, compliance, strategy, and planning disciplines that underpin the Information Security program. This leader integrates both Integrated Risk Management (IRM) and Security Strategy & Planning (SS&P) functions into a cohesive organizational capability, ensuring the security program is well-governed, risk-informed, strategically aligned, and operationally effective. The key responsibilities of this role are as described below:

     

    Risk Governance & GRC Operations

     

    + Lead enterprise-wide risk assessment, risk issue management, and risk exception management to ensure ongoing visibility and treatment of information security and operational risks.

    + Maintain and enhance risk management frameworks aligned with industry best practices (NIST, ISO, etc).

     

    Compliance & Audit Management

     

    + Oversee the Information Security compliance and control assurance program, ensuring alignment with regulatory requirements and industry frameworks (ISO 27001, SOC 2, NIST, PCI DSS, etc.).

    + Lead coordination of internal and external audits, assessments, and certification processes

     

    Third-Party Risk Management

     

    + Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.

    + Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework

     

    Policy, Standards & Governance

     

    + Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures.

    + Manage policy exceptions, ensuring risk-aware and consistent decision-making aligned with regulatory and corporate expectations.

     

    Information Security Training & Awareness

     

    + Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.

    + Develop metrics and campaigns to measure awareness effectiveness and employee engagement.

     

    Security Strategy Development & Execution

     

    + Partner with the CISO to define and maintain the Information Security strategic roadmap, ensuring alignment with business goals, customer expectations, and risk priorities.

    + Drive annual and multi-year planning, capability development, and maturity improvement initiatives.

     

    Budget & Financial Management

     

    + Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization.

    + Ensure financial transparency and cost-efficiency across tools, services, staffing, and initiatives.

     

    Resource Planning & Workforce Strategy

     

    + Oversee resource and capacity planning across global security teams, ensuring proper allocation of FTEs, contractors, and service providers.

    + Partner with HR and Talent teams to shape hiring strategies, workforce development, and organizational design.

     

    KPI, Metrics & Service Delivery Monitoring

     

    + Develop and maintain dashboards and reporting structures for Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and OKRs across the Information Security program.

    + Ensure accurate Customer Business Unit (CBU) service delivery monitoring, SLA performance, and operational effectiveness assessments.

     

    Leadership & Stakeholder Engagement

     

    + Build, lead, and mentor a team across IRM, strategy, and planning functions.

    + Act as a trusted advisor to other senior leaders on risk posture, compliance maturity, strategic performance, and organizational priorities.

    Basic Qualifications:

    + Experience & Leadership: 15–20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations.

    + Education: Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline.

    + Technical Expertise: Excellent stakeholder management, communication, and leadership skills. Demonstrated experience working across multi-disciplinary teams to achieve common objectives.

    + Language Skills: Proficient in English for effective communication and coordination.

    Preferred Qualifications:

    + Education and Certifications: Masters degree in Cybersecurity, Risk Management or Business Administration is preferred. Industry-recognized credentials such as PMP, PRINCE2, CISA, CISM, or CISSP are highly desirable.

    + Framework Experience: Familiarity with ISO 27001, NIST CSF, SOC2 Type II or similar security and risk management frameworks is an advantage.

    + Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

    + Client-Facing Experience: Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.

    Team Culture:

    Our team thrives on collaboration, innovation, and continuous learning. We foster a supportive environment where every member is encouraged to share ideas and contribute to problem-solving. We value:

     

    + Passion for Technology: We are enthusiastic about emerging technologies and their potential to transform the automotive industry.

    + Agility: We work in an agile environment, adapting quickly to changes and continuously improving our processes.

    + Teamwork: We believe in the power of teamwork and collaboration, supporting each other to achieve common goals.

    + Growth: We prioritize personal and professional growth, offering opportunities for learning and development.

    + Inclusivity: We maintain an inclusive culture where diverse perspectives are valued and everyone feels welcome.

     

    Base Salary Range: $181,240 - $ 259,160

     

    Our Company adheres to the equal employment opportunity guidelines set forth by federal, state and local laws. The information requested on this form is sought in good faith and will not be used to discriminate against the applicant based on race, religion or creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic characteristics, marital status, sex or gender (which includes pregnancy, childbirth, or related circumstances), gender identity, gender expression, age, citizenship, sexual orientation, family care or medical leave status, military and veteran status, political affiliation, or any other characteristic protected by federal, state and local laws.

     

    Powered by JazzHR