Sr. Cybersecurity Compliance Manager en Hyundai Capital America

Who We Are

Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships.  We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:

·         Medical, Dental and Vision plans that include no-cost and low-cost plan options

·         Immediate 401(k) matching and vesting

·         Vehicle purchase and lease discounts plus monthly vehicle allowances

·         Paid Volunteer Time Off with company donation to a charity of your choice

·         Tuition reimbursement

What to Expect

The Sr. Cybersecurity Compliance Manager is responsible for tasks and projects that support HCA process and technology compliance with company policies, regulatory requirements, and industry standards.  This role will conduct compliance related research, program development, monitoring, and support internal/external assessments, including consulting with stakeholders regarding applicable compliance requirements.

What You Will Do

1.     Design, develop, and implement programs supporting compliance with HCA policies, PCI-DSS, IS27001:2022 (GSIF), FFIEC, GLBA, NYDFS Cybersecurity Regulation, and other relevant regulations.

2.     Manage the internal/external audits/assessments (i.e., evidence identification, interpretation, validation, and delivery) regarding compliance with requirements for HCA policies, PCI-DSS, IS27001:2022 (GSIF), FFIEC, GLBA, NYDFS Cybersecurity Regulation, and other relevant regulations by collaborating with internal audit.

3.     Monitor system operations associated with HCA policies, PCI-DSS, IS27001:2022 (GSIF), FFIEC, GLBA, NYDFS Cybersecurity Regulation, and other relevant regulations. Overseeing required remediation when security gaps/observations are identified.

4.     Develop metrics and reporting to identify cybersecurity compliance gaps and priorities for leadership awareness/attention. Serve as the cybersecurity advisor for compliance assurance.

5.     Participate with the execution of Information Security risk management initiatives including IT Operation Risk Assessments, Cloud Application Risk Assessments, and Vulnerability Risk Assessments.

What You Will Bring

·         Minimum 8 years progressive work experience in cybersecurity governance, risk management, or compliance within a private sector company environment significantly governed by Federal and state regulations.

·         Bachelor’s degree in Cybersecurity, Information Security, Risk Management, or related field.

·         One or more certifications in CISSP, CGEIT, CRISC, CISM required.

·         Expert knowledge of Information Security risk management frameworks, Governance, Risk, and Compliance process.

·         Expert knowledge of PCI-DSS 4.0 and Information Security & Risk Frameworks including, but not limited to ISO 27001:2022, ISO27005:2022, NIST SP 800-30, NIST SP 800-37.

·         Expert knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, FFIEC, SOX, and other relevant laws and regulations.

·         Understanding of financial regulatory frameworks and cybersecurity best practices.

·         Ability to communicate complex security concepts to business leaders and technical teams.

Work Environment

Employees in this class are subject to extended periods of sitting, standing and walking, and using a computer. Work is performed in an office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 (“CCPA”). 

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at [email protected].