Who We Are
Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.
We Take Care of Our People
Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:
· Medical, Dental and Vision plans that include no-cost and low-cost plan options
· Immediate 401(k) matching and vesting
· Vehicle purchase and lease discounts plus monthly vehicle allowances
· Paid Volunteer Time Off with company donation to a charity of your choice
· Tuition reimbursement
What to Expect
The Sr. Cybersecurity SDLC Risk Manager is responsible for identifying and mitigating security risks associated with software development and deployment throughout the Software Development Life Cycle (SDLC). As the subject matter expert, this role will develop and enforce security policies, manage risk assessments, and ensure compliance with Application and Infrastructure Security Standards to ensure the organization's cybersecurity strategy is resilient and forward-thinking.
What You Will Do
1. SDLC Risk Management
· Manage, maintain and enforce security policies, standards and guidelines related to SDLC processes.
· Develop and execute cybersecurity requirements, standards, and procedures.
· Conduct risk assessments and impact analyses to identify risks, manage remediations, to ensure compliance across business systems, IT Infrastructure, and network operating environments.
2. GSIF ISO 27001 Risk Management
· Identify and mitigate security risks associated with software development and deployment.
· Manage governance and execute Global Integrated Security Framework (GSIF) assessments, manage remediations, and ensure compliance with ISO 27001 standards across SDLC.
· Conduct risk assessments and impact analyses to identify risks, manage remediations, ensure compliance across business systems, IT Infrastructure, and network operating environments.
· Collaborate with development, QA, and operations teams to ensure security best practices are integrated at every stage of the SDLC.
3. Compliance Oversight
· Develop metrics and reporting for senior management and stakeholders that identify security risks and provide actionable insights to address gaps.
· Establish monitoring and governance mechanisms to track compliance status across the organization.
· Monitor and assess the effectiveness of security measures, driving continuous improvement.
· Monitor emerging cybersecurity threats to enhance overall software security
What You Will Bring
· Minimum 8 years progressive experience in cybersecurity governance, risk management, or compliance within financial services with a deep understanding of the system development life cycle (SDLC), and the evolving threat landscape.
· Bachelor’s or Master’s degree in Cybersecurity, Information Security, Risk Management or a related field
· Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, and ITIL are highly desirable
· Strong knowledge of Information Security risk management frameworks, Governance, Risk, and Compliance process, IT general controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting).
· Strong knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000\:2009, ISO 27005\:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).
· Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations.
· Strong understanding of financial regulatory frameworks and cybersecurity best practices.
· Ability to communicate complex security concepts to business leaders and technical teams.
Work Environment
Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.