Director, Infosec Protection Center

Location

Purpose

~ The purpose of the Director, Infosec Protection Center position is to define North America (USA, Canada & Mexico) market specific requirements for the security elements of enterprise / automotive-related products and systems which provide connectivity to customers, dealers, employees as well as external devices, including the in-vehicle communications, information, and infotainment components. In seamless cooperation with Engineering, R&D, Manufacturing, Quality, IT and other relevant areas, this position will identify and effectively implement the North American market specific solutions to cybersecurity concerns and ensure all standards and requirements including regulatory compliance are met.

Major Responsibilities

~ Oversees strategy and governance of information security, risk management and information security operations for the US Market. Infosec protection center will be a business partner with the affiliate (IT outsourcing, Plant, Sales). Reporting to both US-based and Korean HQ top management. This position has primary responsibility to influence cyber security strategy actions cross-functionally.

~ Maintains the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which Hyundai Motor North America manages.

~ Protect critical assets through alignment and prioritization of cyber security investments.

~ Provide highly skilled technical and information security expertise for development and implementation of the information security risk management program (Incident response plan) and vendor risk management program.

~ Provide regular reporting on the status of the information security program to Legal/Privacy teams, senior business leaders and the Board of Directors as part of a strategic risk management program, thus supporting business outcomes.

~ Understand and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.

Major Responsibilities (continued)

~ Define and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings (Internal/external auditors and federal and state regulatory agencies).

~ Monitor the internal/external threat environment for emerging threats and advises relevant stakeholders on the appropriate courses of action.

~ Lead security strategy development and initiatives aligning to industry standards and regulatory requirements.

~ Drive security by design, SDLC methodologies and practices into IT operations and application development.

~ Manage and lead security team members.

~ Work across IT and internal Business units to develop and implement protection strategies and architectures across the IT enterprise.

~ Oversee the identification, development and deployment of security solutions and technologies to protect the IT enterprise from cyber-threats.

~ Collaborate closely with affiliate cybersecurity service providers and Korean parent company to align on a holistic enterprise security vision and strategy.

~ Evangelize Hyundai Motor America’s enterprise security program across Executive teams.

~ Oversee incident response processes, monitor status, and report out to Executive stakeholders as needed.

Authority

~ Executive authority to define security policy and programs.

~ Management and development of division staff in alignment with HR policy.

~ Vendor identification / selection in alignment with purchasing process policy.

~ Development, acquisition, and execution of annual sub-division budget in alignment with Finance policy.

~ Time off, Expense report, and Work from Home/Flexibility in alignment with company policies.

Education

Related Experience

~ 15+ years of cyber security / IT security experience in medium to large enterprise preferred.

~ Hands on experience in security programs and processes in support of risk and compliance for an organization wide IT security architecture.

~ Experience working with cloud environments (e.g., GCP, AWS, Azure) and an understanding of cloud security controls and practices.

~ Experience with SDLC practices and operational implementation

~ Prior experience as the head of one of the following (a) security division (b) Security Ops (c) GRC (d) Risk/Compliance.

~ Expert level knowledge of ISO27001 or ISO 27701 or NIST Cybersecurity Framework or CIS 18 controls.

Skills/Knowledge

~ Ability to assess operational and strategic strengths/weaknesses and make recommendations to leverage or augment.

~ Knowledge of practices, designs and technologies used to secure IT systems.

~ Working knowledge of IT cybersecurity standards and regulations in US.

~ Knowledge of security architecture and threat modeling as well as system security hardening practices and controls.

~ Expert level knowledge in following (or related) Security tools: Security Information and Event Management (SIEM), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), and Web filter.

Certification Required

~ CISA, CISSP, CISM or similar certifications.

Physical Requirements

Work Model

Compensation

Benefits

Benefits include healthcare insurance (medical/prescription, dental, vision), 401(k) company match, a quarterly employer enhanced contribution, basic life insurance, short- and long-term disability, employee assistance program (work/life balance programs and confidential counseling), expert medical services (provider referrals, second opinion), business travel accident insurance, health advocacy (coordinate care and services, assistance with claim and billing issues, understanding Hyundai benefits), annual discretionary bonus, accrued vacation pay, company provided sick pay, vehicle lease program (monthly fee includes insurance and maintenance).