Job Specifications
Company Overview
Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
What You Will Be Doing
The Security Strategy and Risk Management Head of Department is a senior leadership role accountable for driving the unified governance, risk, compliance, strategy, and planning disciplines that underpin the Information Security program. This leader integrates both Integrated Risk Management (IRM) and Security Strategy & Planning (SS&P) functions into a cohesive organizational capability, ensuring the security program is well-governed, risk-informed, strategically aligned, and operationally effective. The key responsibilities of this role are as described below:
Risk Governance & GRC Operations
Lead enterprise-wide risk assessment, risk issue management, and risk exception management to ensure ongoing visibility and treatment of information security and operational risks.
Maintain and enhance risk management frameworks aligned with industry best practices (NIST, ISO, etc).
Deliver insightful, data-driven risk reporting to senior leadership, governance bodies, and business units and fellow heads of department.
Compliance & Audit Management
Oversee the Information Security compliance and control assurance program, ensuring alignment with regulatory requirements and industry frameworks (ISO 27001, SOC 2, NIST, PCI DSS, etc.).
Lead coordination of internal and external audits, assessments, and certification processes.
Partner with Legal, Privacy, and other control functions to ensure controls are consistent implemented and effectively.
Third-Party Risk Management
Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.
Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.
Policy, Standards & Governance
Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures.
Manage policy exceptions, ensuring risk-aware and consistent decision-making aligned with regulatory and corporate expectations.
Information Security Training & Awareness
Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.
Develop metrics and campaigns to measure awareness effectiveness and employee engagement.
Security Strategy Development & Execution
Partner with the CISO to define and maintain the Information Security strategic roadmap, ensuring alignment with business goals, customer expectations, and risk priorities.
Drive annual and multi-year planning, capability development, and maturity improvement initiatives.
Translate strategy into clear programs, timelines, milestones, and measurable outcomes.
Budget & Financial Management
Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization.
Ensure financial transparency and cost-efficiency across tools, services, staffing, and initiatives.
Resource Planning & Workforce Strategy
Oversee resource and capacity planning across global security teams, ensuring proper allocation of FTEs, contractors, and service providers.
Partner with HR and Talent teams to shape hiring strategies, workforce development, and organizational design.
KPI, Metrics & Service Delivery Monitoring
Develop and maintain dashboards and reporting structures for Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and OKRs across the Information Security program.
Ensure accurate Customer Business Unit (CBU) service delivery monitoring, SLA performance, and operational effectiveness assessments.
Provide executive-level reporting that enables informed decision-making and continuous improvement.
Leadership & Stakeholder Engagement
Build, lead, and mentor a team across IRM, strategy, and planning functions.
Act as a trusted advisor to other senior leaders on risk posture, compliance maturity, strategic