Executive Director, Information Protection at Hyundai Capital America in Irvine, California

Job Description:

Description




Who We Are


Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.



We Take Care of Our People


Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:

• Medical, Dental and Vision plans that include no-cost and low-cost plan options

• Immediate 401(k) matching and vesting

• Vehicle purchase and lease discounts plus monthly vehicle allowances

• Paid Volunteer Time Off with company donation to a charity of your choice

• Tuition reimbursement


What to Expect


The Executive Director, Information Protection serves as the head of the Information Protection Department for Hyundai Capital America (HCA) and Hyundai Capital Canada (HCCA) and acts as the technical liaison to executive leadership on threat landscapes, relevant control frameworks, risk management approaches, regulatory requirements, industry standards, and best practices. In addition, this position collaborates with Internal Audit, Compliance, Legal, Privacy, IT Infrastructure, Application and Digital Departments, Central Data Office, Procurement, Vendor Management Office, and third parties to continuously improve security controls and regulatory compliance.


The Information Protection Department consists of Security Operations and Security Governance with a focus on understanding risks to company data and information resources while developing programs and strategies to remediate or mitigate the risks aligned with the Company's risk tolerance levels.



What You Will Do


1. Strategy

• Evolve program strategies that are aligned to the threat landscape, risk exposure, organizational requirements, business priorities, best practices, industry standards, and applicable laws & regulations, and that manage risks within tolerance levels.

• Design, implement, and monitor technology solutions and services that support department programs and ensure they are properly administered, maintained, and refreshed. Some solutions include Data Loss Prevention (DLP), network access controls, Identity Access Management, endpoint protection, encryption, vulnerability management, content filtering, IDS/IPS, multi-factor authentication, next-gen firewalls, VPN, MSS SOC, and various other solutions used to enforce policies and to ensure that sensitive company information is adequately controlled at rest, in use, in transit, and during disposition.

• Evolve enterprise-wide programs, policies, procedures, and standards that align to existing security and privacy control frameworks. Relevant frameworks include ISO 27001/2, CIS Critical Security Controls, and the Global Security Integrated Framework.

2. Risk Management

• Maintain integration into business processes (e.g., staff onboarding, MSA/SOW reviews, procurement activities, change management processes, business and system requirements documents, PMO lifecycles, information sharing requests, and vendor management) to proactively identify and treat risks.

• Design and maintain a PII inventory that captures critical data elements, data flows, and locations to ensure proper use and controls.

• Ensure compliance with security regulatory requirements (e.g., NYDFS, GLBA, and CCPA) across federal, state, and local environments.

• Evolve a risk assessment program that regularly assesses internal and external cyber risks and monitors remediation activities. Regularly evaluate and manage risk exposure from third party vendors.

3. Security Enterprise Awareness

• Evolve a Training and Awareness program that seeks to align user behaviors with policies and desirable practices.

• Provide quarterly program updates to the HCA Information Protection Review Board and the HCCA Information Protection Steering Committee. Include an annual report on the cybersecurity program and material cybersecurity risks.

• Maintain transparent and comprehensive lines of communication with senior executive leadership at HCA, HCCA, and Hyundai Capital Services in Korea to ensure enterprise alignment and real-time awareness.

4. Oversight and Compliance

• Maintain illustrative dashboards to monitor maturity of control frameworks.

• Evolve an internal assessment program that regularly evaluates compliance with department policies, relevant regulation and framework control requirements.

• Evolve operational dashboard reviews to monitor department performance and regulatory compliance.

• Submit annual regulatory compliance certifications and reports as necessary.

5. People Management

• Lead, mentor, and develop team members by providing direction, performance feedback, and support to ensure effective collaboration, professional growth, and achievement of organizational and personal goals.



Qualifications




What You Will Bring


• A total of 15+ years of experience in Information Technology and Information Security with at least 10 years in a leadership experience in Information Security, Information Technology, or related discipline with a broad range of exposure to strategic planning, risk management, security operations, cloud security, application security, and data privacy and security.

• Extensive leadership experience in implementing and evolving Information Security programs. Extensive experience with industry standard frameworks (e.g., ISO, NIST, or CIS).

• Experience in multi-platform environments (e.g., Windows, Unix/Linux, Mac, cloud, and mobile devices) and understanding their security considerations.

• Experience in developing executive-level relationships and influencing support and change.

• Bachelor's Degree in related field

• Master's Degree is related field preferred

• Active management-level security certification (e.g., CISM or CISSP).

• Extensive knowledge in Information Security management and a familiarity with Privacy laws and regulations, as it relates to implementing relevant controls and maintaining regulatory compliance.

• Knowledge of the current threat landscape at any given time and ascertaining associated risks to the company.

• Technical proficiency in security-related technologies and services; ability to function as a security consultant to IT teams and executive leaders.

• Strong analytical and problem-solving skills, especially when operating in ambiguous environments.

• Strong team-oriented interpersonal skills; ability to effectively influence staff at all levels, including HQ leaders.

• Ability to work under stress during urgencies; able to handle pressure from multiple sources simultaneously.

• Excellent verbal and written communication skills at an executive level.



Work Environment


Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.


The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.


California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here . This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").

If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com .


#LI-DNI