The Role
The role leads governance, risk, and compliance functions across the enterprise, ensuring effective information security risk management and compliance with regulatory frameworks.
Summary Generated by Built In
Integrated Risk Management Head of Department (HOD)
Location – Irvine, CA
Company Overview
Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
What You Will Be Doing
The Integrated Risk Management (IRM) Head of Department is a senior leadership role responsible for maintaining and leading the governance, risk, and compliance (GRC) functions that enable the effective management of information security risk across the enterprise and business units. This leader will update and operationalize a cohesive IRM strategy that aligns with corporate and business unit objectives, regulatory requirements, and global business operations.
This role partners closely with Information Security leadership, business units, and corporate functions to ensure that risk management and compliance activities are integrated, transparent, and actionable across the organization. The key responsibilities of this role are as described below:
Governance, Risk and Compliance (GRC)
Compliance Management
Third-Party Risk Management
Policy and Standards Management
Training and Awareness
Leadership and Strategy
Qualifications and Experience
Preferred Qualifications:
Base Salary Range: $181,24 - $259,160
Location – Irvine, CA
Company Overview
Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
What You Will Be Doing
The Integrated Risk Management (IRM) Head of Department is a senior leadership role responsible for maintaining and leading the governance, risk, and compliance (GRC) functions that enable the effective management of information security risk across the enterprise and business units. This leader will update and operationalize a cohesive IRM strategy that aligns with corporate and business unit objectives, regulatory requirements, and global business operations.
This role partners closely with Information Security leadership, business units, and corporate functions to ensure that risk management and compliance activities are integrated, transparent, and actionable across the organization. The key responsibilities of this role are as described below:
Governance, Risk and Compliance (GRC)
- Oversee the enterprise-wide risk management lifecycle, including risk assessments, risk issue management, and risk exception management processes.
- Develop, update and maintain frameworks for identifying, assessing, mitigating, and monitoring security and operational risks.
- Ensure that risk posture and metrics are accurately reported to executive leadership, governance committees, business units and fellow heads of department.
Compliance Management
- Lead the Information Security compliance program, ensuring alignment with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, NIST, etc).
- Coordinate and manage internal and external audits, assessments, and attestations.
- Partner with Legal, Privacy, and other control functions to ensure consistent and effective control implementation and testing.
Third-Party Risk Management
- Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.
- Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.
Policy and Standards Management
- Oversee the maintenance and governance of information security policies, standards, and procedures.
- Ensure policies reflect best practices, regulatory expectations, and evolving threat landscapes.
- Establish governance forums for policy exceptions and periodic reviews.
- Ensure adoption of relevant policies and standards across business units.
Training and Awareness
- Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.
- Develop metrics and campaigns to measure awareness effectiveness and employee engagement.
Leadership and Strategy
- Serve as a trusted advisor to the CISO and executive management, providing insights on risk posture, compliance maturity, and control effectiveness.
- Build and lead a high-performing, GRC team across North America.
- Lead the maintenance, and continuous evolution of the GRC platform to meet enterprise and business unit needs.
- Drive continuous improvement through automation, data-driven decision-making, and integration of IRM technologies and platforms.
Qualifications and Experience
- 15–20 years of progressive experience in Information Security and GRC.
- Proven track record managing global risk and compliance programs in complex, multinational organizations.
- Familiarity with ISO 27001, NIST CSF, SOC2 Type II or similar security and risk management frameworks.
- Experience leading audits, certifications, and regulatory assessments.
- Strong stakeholder management and communication skills, with the ability to influence across all organizational levels and business units.
- Bachelor’s degree in Information Security, Risk Management, or related field.
Preferred Qualifications:
- Education and Certifications: Masters degree in Cybersecurity, Risk Management or Business Administration is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor) preferred.
- Framework Experience: Deep understanding of risk management frameworks (NIST, ISO 31000, COSO), security standards (ISO 27001, NIST CSF), and regulatory requirements (GDPR, PCI DSS, etc.) is preferred.
- Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.
- Client-Facing Experience: Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.
Base Salary Range: $181,24 - $259,160
Top Skills
Grc
Iso 27001
Nist
Soc 2
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Welcome to Hyundai AutoEver America (HAEA) - An automotive information technology organization, committed to providing world-class technology services to its clients throughout North America.
In today’s fast-paced global business environment, information technology is a necessity to build a competitive advantage with operational efficiencies and increase market share. With that understanding, Hyundai Motor Group established us in March 2005.
Based in Orange County, California, Hyundai AutoEver America (HAEA) is an established, growing company and an affiliate of Hyundai Motor Group, a Fortune Global 500 Company. Hyundai AutoEver worldwide has more than 4,000+ IT experts working in 23 subsidiaries, as well as in various locations across eight countries. We are looking for people to help us make history and envision a new future.
By consolidating all IT-related resources into one company, HAEA will be able to provide top-quality IT services to its Hyundai Motor Group companies and act as the information bridge between Global Headquarters and North America.
