NewportBeachRecruiter Since 2001
the smart solution for Newport Beach jobs

Manager, IT Governance, Risk and Compliance

Company: Hyundai Capital
Location: Newport Beach
Posted on: January 26, 2023

Job Description:

Manager, IT Governance, Risk and Compliance (23000005)

Who We Are:

Through our service brands Hyundai Motor Finance, Genesis Finance*, and Kia Motors Finance, we provide financial products tailored to meet the needs of Hyundai, Genesis, and Kia dealerships nationwide, including dealer inventory and facility financing. And, through these dealerships, we provide indirect vehicle financing and leasing solutions to over 1.7 million retail customers.

Employee Value Prop and Culture:

Our employees contribute every day to a culture that is fast-paced, dynamic, energized, agile, and collaborative. From our various engagement programs to the unique design of our offices, we strive to foster a connected, fun, positive and rewarding company culture where employees feel appreciated for their contributions, proud of their company, and thrive to be passionately invested in HCA's success.

Global One Company:

Many countries. One identity. Hyundai Capital has offices across the world, including China, Canada, the United Kingdom, Germany, Russia, Brazil and Korea. Our work environments are designed with specific themes in mind to achieve a consistent global identity that reflects our values: light, collaboration, elements of nature and symmetry.

General Summary:

The Manager, IT Governance, Risk, & Compliance (IT GRC) will oversee the technology risk management program, providing risk oversight to the technology. The Manager will play a key role in the success of the organization, by aligning Technology initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The Manager, IT GRC will lead risk management and compliance initiatives to ensure regulatory alignment to PCI, GLBA, SOX (KSOX), NUCA, NIST, and data protection standards/regulations.

The Manager will lead the company through the design and management of a program that focuses on the protection, use, and control monitoring of PCI data, including any necessary certifications or audits. The role is responsible for providing oversight and governance of risks to ensure that the organization operates in a safe and sound manner within regulatory expectations. This position will be responsible for collaborating with key stakeholders across lines of business to ensure risks are managed effectively and efficiently in accordance with company policies and applicable regulatory requirements. The Manager will work with IT, business, and cybersecurity team members to ensure that appropriate planning, communication, and execution of activities ensure the successful delivery of the IT GRC program. The function will include active management of key services: to include risk monitoring, reporting, security metrics, risk assessment, and prioritization, IT security policy lifecycle, training & awareness, information security management system program delivery, security benchmarking, data privacy, and third-party risk management.

Duties and Responsibilities:

  • Provide high quality, professional day-to-day execution of IT Governance, Risk Management and Compliance (GRC) activities:
    • Act as liaison with control owners, internal auditors, and external auditors for SOX/PCI/GLBA/NUCA audits. Facilitate meetings, walkthroughs, and discussion of control expectations and remediation activities for identified deficiencies.
    • Collaborate with control owners to validate effectiveness of security controls and ensure testability.
    • Collaborate with the IT/cybersecurity team members, application owners, control owners, and stakeholders to achieve buy-in and successful results.
    • Maintain a PCI/SOX control database, inventorying control ownership, control objectives, and testing objectives.
    • Support the IT-related third-party vendor risk management review processes for systems and applications.
    • Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as PCI, SOX, and NUCA) and escalate findings appropriately.
    • Support the execution of data loss prevention initiatives, fostering collaboration with departments across the organization on privacy and data protection matters.
    • Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
    • Conduct IT strategy and governance assessments to recommend solutions for improving oversight and decision-making to drive IT initiatives.
    • Provide guidance for IT projects, including the evaluation and recommendation of technical controls.
    • Track project status to ensure projects meet the approved deadlines and stay within approved budget.
    • Develop dashboards and metrics to represent the IT governance program performance.
    • Provide relevant and actionable reporting/presentations to stakeholders and executive management.
    • Collaborate with the IT Transformation and Change Management team to develop and disseminate IT Governance training and awareness for organizational users, administrators, and developers.
  • Perform all other duties as assigned.

Knowledge and Skills:

  • Knowledge and/or multiple certifications in GRC tooling (SAP GRC, ServiceNow GRC).
  • One or more certifications in PMI, Prince2, SAP Activate, Scrum or other project management methodologies is a plus.
  • Ability to establish and maintain strong relationships.
  • Ability to influence others and move toward a common vision or goal.

Qualifications:

  • Minimum 8 years of experience in any of the following areas: IT audit, security design/re-design, GRC implementation

Physical Requirements and Working Condition:

Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor and moderate noise levels. Work is performed in an office environment.

This notice only applies to our applicants who reside in the State of California. The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice, at or before the point of collection, about the categories of personal information to be collected from you, the purposes for which your personal information is collected or used, and whether that information is sold or shared, so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA"). If you have any questions about CCPA regarding California residents or HCA team members, please contact the Privacy Team at Privacy2@hcs.com.

Primary Location: United States-California-Newport Beach

Work Locations: Headquarters 2, 4000 MacArthur Blvd. Ste 1000 West Tower, Newport Beach 92660

Keywords: Hyundai Capital, Newport Beach, Manager, IT Governance, Risk and Compliance, IT / Software / Systems, Newport Beach, California
