<p>Who We Are</p> <p>Through our service brands Hyundai Motor Finance, Genesis Finance, and Kia Finance, Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai, Genesis, and Kia customers and dealerships. We provide vehicle financing, leasing, subscription, and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow, innovate, and diversify, we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering, philanthropy, and the empowerment of our Employee Resource Groups. Together, we strive to be the leader in financing freedom of movement.</p> <p>We Take Care of Our People</p> <p>Along with competitive pay, as an employee of HCA, you are eligible for the following benefits:</p> <ul> <li>Medical, Dental and Vision plans that include no-cost and low-cost plan options </li><li>Immediate 401(k) matching and vesting </li><li>Vehicle purchase and lease discounts plus monthly vehicle allowances </li><li>Paid Volunteer Time Off with company donation to a charity of your choice </li><li>Tuition reimbursement </li></ul> <p>What to Expect</p> <p>The Director, Cybersecurity Engineering & Operations will lead the design, implementation, and management of the organization's cybersecurity infrastructure and operations, with a strong emphasis on IAM, DLP, Monitoring, Threat Intelligence analysis and compliance with financial regulations (e.g., PCI DSS, GDPR, SOX, FFIEC). This role will oversee a team of cybersecurity engineers and analysts, manage 24/7 Security Operations Centers (SOCs), and collaborate with cross-functional teams to mitigate risks, respond to incidents, and ensure a proactive security posture.</p> <p>What You Will Do</p> <ol> <li>Strategic Planning and Leadership: </li></ol> <ul> <li>Develop and implement comprehensive cybersecurity strategies and solutions platform to safeguard HCA's company data. </li><li>Align security initiatives with business objectives and regulatory requirements. </li><li>Support the development and implementation of security controls and protocols. </li><li>Foster a culture of security awareness and continuous improvement. </li><li>Collaborate with HCA Information Protection Governance team in developing long-term strategies, following the policies and IT Security Controls. </li></ul> <ol start="2"> <li>Cybersecurity Engineering: </li></ol> <ul> <li>Architecture and Design: Lead the development and implementation of secure, scalable cybersecurity architectures, including firewalls, IDS/IPS, SIEM systems, endpoint protection, and cloud security solutions. </li><li>Tool Integration: Oversee the integration of cybersecurity tools (e.g., Splunk, CrowdStrike, Palo Alto Networks, etc.) with financial systems, ensuring seamless operation across hybrid and multi-cloud environments. </li><li>Automation and Innovation: Drive the adoption of AI-driven threat detection, automation, and orchestration to enhance efficiency and reduce response times for cyber threats. </li></ul> <ol start="3"> <li>Security Operations: </li></ol> <ul> <li>SOC Leadership: Manage 24/7 SOC operations, ensuring effective monitoring, threat detection, incident response, and threat hunting to protect against sophisticated attacks (e.g., ransomware, phishing, insider threats). </li><li>Incident Response: Support the development and execution of incident response plans, coordinating with internal teams and external partners (e.g., MSSPs, law enforcement) during cyber incidents. Conduct post-incident analysis to identify root causes and improve response strategies. Communicate effectively with senior leadership during and after incidents. </li><li>Threat Intelligence: Leverage threat intelligence platforms to proactively identify and mitigate financial-specific threats, such as fraud or account takeover. </li><li>Vulnerability Management: Develop and maintain programs for identifying, assessing, and remediating vulnerabilities across networks, applications, and endpoints. </li><li>Performance Metrics: Establish and monitor KPIs (e.g., Mean Time to Detect, Mean Time to Resolve) to ensure SOC efficiency and continuous improvement. </li></ul> <ol start="4"> <li>Identity and Access Management (IAM): </li></ol> <ul> <li>IAM Strategy: Design and implement a comprehensive IAM framework to secure access to financial systems, customer data, and employee accounts, aligning with zero-trust principles. </li><li>Access Controls: Oversee role-based access control (RBAC), multi-factor authentication (MFA), and privileged access management (PAM) solutions (e.g., SailPoint, CyberArk, Active Directory, etc.). </li><li>Identity Governance: Manage identity lifecycle processes, including provisioning, de-provisioning, and regular access reviews, to ensure compliance with Korean SOX, GDPR, and PCI DSS. </li><li>Single Sign-On (SSO): Implement and maintain SSO solutions to streamline user experience while maintaining security across financial platforms and cloud services. </li></ul> <ol start="5"> <li>Data Loss Prevention (DLP): </li></ol> <ul> <li>DLP Program Development: Build and manage a robust DLP program to protect sensitive financial data (e.g., PII, payment card data, intellectual property) across endpoints, networks, and cloud environments. </li><li>Policy Enforcement: Define and enforce DLP policies using tools like Symantec DLP, or Microsoft Purview to prevent unauthorized data exfiltration. </li><li>Data Classification: Implement and maintain data classification and tagging systems to identify and prioritize sensitive assets, ensuring compliance with regulatory requirements. </li><li>Monitoring and Response: Oversee real-time monitoring of data flows and rapid response to DLP incidents, integrating with SIEM and incident response workflows. </li></ul> <ol start="6"> <li>Compliance and Risk Management: </li></ol> <ul> <li>Regulatory Compliance: Ensure cybersecurity practices meet financial regulations (e.g., PCI DSS, GDPR, Korean SOX, FFIEC, NYDFS, etc.) through audits, documentation, and reporting. </li><li>Risk Assessments: Support regular risk assessments and penetration testing to identify and mitigate vulnerabilities in financial systems and third-party integrations. </li><li>Vendor Management: Evaluate and manage relationships with Managed Security Service Providers (MSSPs) and other vendors to align with organizational security goals. </li><li>Policy Development: Partner with Information Protection Governance team to develop and update cybersecurity policies, standards, and procedures to align with industry best practices (e.g., NIST, ISO 27001). </li></ul> <ol start="7"> <li>Team Management and Development: </li></ol> <ul> <li>Team Management: Lead, mentor, and develop a team of cybersecurity engineers, analysts, and architects, fostering a culture of innovation and accountability. </li><li>Cross-Functional Collaboration: Partner with IT Infrastructure, IT Applications, DevOps, Legal and Data Privacy, Information Protection Governance and business units to integrate security into digital transformation initiatives. </li><li>Executive Communication: Present cybersecurity strategies, risks, and metrics to the CISO, CIO, VP of Infrastructure, Technology & Cybersecurity Operations and board of Sr. Executives, translating technical concepts into business impacts. </li><li>Budget Oversight: Manage the cybersecurity budget, optimize investments in tools, training, and MSSP partnerships to maximize ROI. </li></ul> <p>What You Will Bring</p> <ul> <li>10 years of progressive experience in cybersecurity, with at least 5 years in a leadership role (e.g., Director, Senior Manager) overseeing engineering and operations. </li><li>5 years of experience in financial services, with a deep understanding of financial threats (e.g., fraud, data breaches) and regulations (e.g., PCI DSS, SOX, GDPR). </li><li>Knowledge of security frameworks such as NIST, ISO 27001, and COBIT </li><li>Bachelor's degree in Computer Science, Information Cybersecurity, Information Technology or related field; Master's degree or MBA preferred </li><li>Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, and ITIL are highly desirable. </li><li>Proven strategic leader with deep technical expertise, a proven track record in financial services, and the ability to align cybersecurity initiatives with business objectives. </li><li>Expertise in SIEM (e.g., Splunk), EDR (e.g., CrowdStrike), and network security tools (e.g., Palo Alto). </li><li>Proficiency in cloud security (AWS, Azure, Google Cloud, Oracle Cloud) and zero-trust architecture. </li><li>Strong knowledge of IAM frameworks (RBAC, MFA, PAM) and DLP technologies (data classification, policy enforcement). </li><li>Experience with automation and scripting (e.g., Python, PowerShell) for security orchestration. </li><li>Demonstrated ability to lead and inspire high-performing teams in high-pressure environments. </li><li>Excellent communication skills to engage technical and non-technical stakeholders, including board-level presentations. </li><li>Strategic thinker with the ability to align cybersecurity initiatives with business goals. </li><li>Strong understanding of financial regulatory frameworks and cybersecurity best practices. </li></ul> <p>Work Environment</p> <p>Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.</p> <p>The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location, and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.</p> <p>California Privacy Notice</p> <p>This notice only applies to our applicants who reside in the State of California.</p> <p>The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended as amended by the California Privacy Rights Act of 2020 ("CCPA").</p> <p>If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com.</p>