Manager, IT Governance, Risk and Compliance

Company: Hyundai Capital America
Location: Newport Beach
Posted on: January 16, 2023

Job Description:

Who We Are: -Through our service brands Hyundai Motor Finance, Genesis Finance*, and Kia Motors Finance, we provide financial products tailored to meet the needs of Hyundai, Genesis, and Kia dealerships nationwide, including dealer inventory and facility financing. And, through these dealerships, we provide indirect vehicle financing and leasing solutions to over 1.7 million retail customers.Employee Value Prop and Culture: -Our employees contribute every day to a culture that is fast-paced, dynamic, energized, agile, and collaborative. -From our various engagement programs to the unique design of our offices, we strive to foster a connected, fun, positive and rewarding company culture where employees feel appreciated for their contributions, proud of their company, and thrive to be passionately invested in HCA's success.Global One Company:Many countries. One identity. - Hyundai Capital has offices across the world, including China, Canada, the United Kingdom, Germany, Russia, Brazil and Korea. - Our work environments are designed with specific themes in mind to achieve a consistent global identity that reflects our values: light, collaboration, elements of nature and symmetry.General Summary:The Manager, IT Governance, Risk, & Compliance (IT GRC) will oversee the technology risk management program, providing risk oversight to the technology. The Manager will play a key role in the success of the organization, by aligning Technology initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected.The Manager, IT GRC will lead risk management and compliance initiatives to ensure regulatory alignment to PCI, GLBA, SOX (KSOX), NUCA, NIST, and data protection standards/regulations. The Manager will lead the company through the design and management of a program that focuses on the protection, use, and control monitoring of PCI data, including any necessary certifications or audits.The role is responsible for providing oversight and governance of risks to ensure that the organization operates in a safe and sound manner within regulatory expectations. This position will be responsible for collaborating with key stakeholders across lines of business to ensure risks are managed effectively and efficiently in accordance with company policies and applicable regulatory requirements.The Manager will work with IT, business, and cybersecurity team members to ensure that appropriate planning, communication, and execution of activities ensure the successful delivery of the IT GRC program. The function will include active management of key services: to include risk monitoring, reporting, security metrics, risk assessment, and prioritization, IT security policy lifecycle, training & awareness, information security management system program delivery, security benchmarking, data privacy, and third-party risk management.Duties and Responsibilities:

• Provide high quality, professional day-to-day execution of IT Governance, Risk Management and Compliance (GRC) activities:Act as liaison with control owners, internal auditors, and external auditors for SOX/PCI/GLBA/NUCA audits. Facilitating meetings, walkthroughs, and discussion of control expectations and remediation activities for identified deficiencies.Collaborate with control owners to validate effectiveness of security controls and ensure testability.Collaborate with the IT/cybersecurity team members, application owners, control owners, and stakeholders to achieve buy-in and successful results.Maintain a PCI/SOX control database, inventorying control ownership, control objectives, and testing objectives.Support the IT related third-party vendor risk management review processes for systems, and applications.Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as PCI, SOX, and NUCA) and escalate findings appropriately.
• Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as PCI, SOX, and NUCA) and escalate findings appropriately:Support the execution of data loss prevention initiatives, fostering collaboration with departments across the organization on privacy and data protection matters.Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.Conduct IT strategy and governance assessments to recommend solutions for improving oversight and decisions-making to drive IT initiatives.
• Provide guidance for IT projects, including the evaluation and recommendation of technical controls:Track project status, to ensure projects meet the approved deadlines, and stay within approved budget.
• Develop dashboards and metrics to represent the IT governance program performance:Provide relevant and actionable reporting/presentations to stakeholders and executive management.Collaborate with IT Transformation and Change management team to development and dissemination of IT Governance training and awareness for organizational users, administrators, and developers.Perform all other duties as assigned.Knowledge and Skills:

Keywords: Hyundai Capital America, Newport Beach , Manager, IT Governance, Risk and Compliance, IT / Software / Systems , Newport Beach, California