10393 - Security Strategy and Risk Management HOD

Irvine, CA
In-Office
181K-259K Annually
Senior level
Automotive • Information Technology
The Role
The Head of Security Strategy and Planning oversees strategic, operational, and financial planning for the Security Department, ensuring alignment with business objectives and project management for security initiatives.
Summary Generated by Built In

Company Overview 
Hyundai AutoEver America (HAEA) is the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the automotive industry. As a key affiliate, we provide cutting-edge IT services and support to top brands including Kia, Genesis, Hyundai Translead, Hyundai Mobis, Hyundai Capital, and Glovis.
HAEA offers a truly global and collaborative environment. Here, you’ll drive innovation, boost operational efficiency, and help shape the future of mobility for the Hyundai Motor Group.
At HAEA, we understand that IT is the cornerstone of today’s fast-evolving digital world. By uniting all IT resources under one roof, we deliver consistent, top-quality solutions while serving as the crucial information link between Hyundai’s Global Headquarters and North American operations.
If you’re passionate about technology and eager to make a real impact at a world-class company, Hyundai AutoEver America is the place to grow your career. Join us and be part of the transformation that’s driving the future of automotive innovation.
 
What You Will Be Doing
The Security Strategy and Risk Management Head of Department is a senior leadership role accountable for driving the unified governance, risk, compliance, strategy, and planning disciplines that underpin the Information Security program. This leader integrates both Integrated Risk Management (IRM) and Security Strategy & Planning (SS&P) functions into a cohesive organizational capability, ensuring the security program is well-governed, risk-informed, strategically aligned, and operationally effective. The key responsibilities of this role are as described below:
 

  1. Risk Governance & GRC Operations
  • Lead enterprise-wide risk assessment, risk issue management, and risk exception management to ensure ongoing visibility and treatment of information security and operational risks.
  • Maintain and enhance risk management frameworks aligned with industry best practices (NIST, ISO, etc).
  • Deliver insightful, data-driven risk reporting to senior leadership, governance bodies, business units, and fellow heads of department.
 
  2. Compliance & Audit Management
  • Oversee the Information Security compliance and control assurance program, ensuring alignment with regulatory requirements and industry frameworks (ISO 27001, SOC 2, NIST, PCI DSS, etc.).
  • Lead coordination of internal and external audits, assessments, and certification processes.
  • Partner with Legal, Privacy, and other control functions to ensure controls are implemented consistently and effectively.
 
  3. Third-Party Risk Management
  • Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.
  • Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.
 
  4. Policy, Standards & Governance
  • Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures.
  • Manage policy exceptions, ensuring risk-aware and consistent decision-making aligned with regulatory and corporate expectations.
 
  5. Information Security Training & Awareness
  • Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.
  • Develop metrics and campaigns to measure awareness effectiveness and employee engagement.
 
  6. Security Strategy Development & Execution
  • Partner with the CISO to define and maintain the Information Security strategic roadmap, ensuring alignment with business goals, customer expectations, and risk priorities.
  • Drive annual and multi-year planning, capability development, and maturity improvement initiatives.
  • Translate strategy into clear programs, timelines, milestones, and measurable outcomes.
 
  7. Budget & Financial Management
  • Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization.
  • Ensure financial transparency and cost-efficiency across tools, services, staffing, and initiatives.
 
  8. Resource Planning & Workforce Strategy
  • Oversee resource and capacity planning across global security teams, ensuring proper allocation of FTEs, contractors, and service providers.
  • Partner with HR and Talent teams to shape hiring strategies, workforce development, and organizational design.
 
  9. KPI, Metrics & Service Delivery Monitoring
  • Develop and maintain dashboards and reporting structures for Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and OKRs across the Information Security program.
  • Ensure accurate Customer Business Unit (CBU) service delivery monitoring, SLA performance, and operational effectiveness assessments.
  • Provide executive-level reporting that enables informed decision-making and continuous improvement.
 
  10. Leadership & Stakeholder Engagement
  • Build, lead, and mentor a team across IRM, strategy, and planning functions.
  • Act as a trusted advisor to other senior leaders on risk posture, compliance maturity, strategic performance, and organizational priorities.
  • Foster strong business partnerships, ensuring transparency, collaboration, and shared accountability for risk and security outcomes.

Basic Qualifications:
  • Experience & Leadership: 15–20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations.
  • Education: Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline.
 
  • Technical Expertise: Excellent stakeholder management, communication, and leadership skills. Demonstrated experience working across multi-disciplinary teams to achieve common objectives.
  • Language Skills: Proficient in English for effective communication and coordination.

Preferred Qualifications:
  • Education and Certifications: Master's degree in Cybersecurity, Risk Management or Business Administration is preferred. Industry-recognized credentials such as PMP, PRINCE2, CISA, CISM, or CISSP are highly desirable.
  • Framework Experience: Familiarity with ISO 27001, NIST CSF, SOC 2 Type II or similar security and risk management frameworks is an advantage.
  • Language Skills: Bilingual proficiency in English and Korean is preferred to support global coordination and communication.
  • Client-Facing Experience: Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.

Team Culture:
The team fosters a high-performance, collaborative environment centered around proactive cybersecurity defense and excellent customer service. Members are expected to lead with accountability, communicate effectively across functions, and adapt to dynamic challenges. The culture values technical excellence, continuous improvement, and global coordination, ensuring readiness and resilience in the face of evolving threats.
  • Collaborative Leadership: Team members lead cross-functional service delivery efforts, coordinating with internal stakeholders, MSSPs, and external partners to drive delivery of services and maintain transparency.
  • Continuous Improvement & Accountability: The team regularly adjusts the Information Security strategy and roadmap in alignment with customer needs, the changing threat landscape, and industry trends.

Base Salary Range: $181,240 - $259,160
 

Top Skills

Business Administration
CISM
CISSP
Cybersecurity
Information Technology
ISO 27001
NIST CSF
PMP
PRINCE2
Risk Management
SOC 2

The Company
HQ: Fountain Valley, CA
489 Employees
Year Founded: 2005

What We Do

Welcome to Hyundai AutoEver America (HAEA) - An automotive information technology organization, committed to providing world-class technology services to its clients throughout North America.

In today’s fast-paced global business environment, information technology is a necessity to build a competitive advantage with operational efficiencies and increase market share. With that understanding, Hyundai Motor Group established us in March 2005.

Based in Orange County, California, Hyundai AutoEver America (HAEA) is an established, growing company and an affiliate of Hyundai Motor Group, a Fortune Global 500 Company. Hyundai AutoEver worldwide has more than 4,000 IT experts working in 23 subsidiaries, as well as in various locations across eight countries. We are looking for people to help us make history and envision a new future.

By consolidating all IT-related resources into one company, HAEA will be able to provide top-quality IT services to its Hyundai Motor Group companies and act as the information bridge between Global Headquarters and North America.
