Sr. Manager, Data Loss Prevention

Who We Are

Through our service brands Hyundai Motor Finance Genesis Finance and Kia Finance Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai Genesis and Kia customers and dealerships. We provide vehicle financing leasing subscription and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow innovate and diversify we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a valuesdriven company dedicated to supporting both internal and external communities through volunteering philanthropy and the empowerment of our Employee Resource Groups. Together we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay as an employee of HCA you are eligible for the following benefits:

Medical Dental and Vision plans that include nocost and lowcost plan options

Immediate 401(k) matching and vesting

Vehicle purchase and lease discounts plus monthly vehicle allowances

Paid Volunteer Time Off with company donation to a charity of your choice

Tuition reimbursement

What to Expect

The Sr. Manager Data Loss Prevention (DLP) will lead the design implementation and management of the organizations DLP program ensuring the protection of sensitive financial data (e.g. PII payment card data intellectual property) across endpoints networks and cloud environments. Reporting to the Director of Cybersecurity Engineering & Operations this role will manage a team of DLP engineers and analysts oversee DLP platform operations and collaborate with crossfunctional teams to align data protection strategies with business objectives and financial regulations (e.g. PCI DSS GDPR Korean SOX FFIEC etc.). innovation in data security and compliance.

What You Will Do

1. DLP Program Strategy and Leadership:

Program Ownership: Lead the endtoend management of the DLP program including strategy policy development and implementation of DLP solutions (e.g. Symantec DLP Microsoft Purview etc.).

Strategic Roadmap: Develop and execute a multiyear DLP strategy aligned with organizational goals zerotrust principles and financial industry trends.

Team Leadership: Manage mentor and develop a team of DLP engineers and analysts fostering a culture of technical excellence collaboration and continuous improvement.

CrossFunctional Collaboration: Partner with IT Infrastructure IT Applications DevOps Legal and Data Privacy Information Protection Governance and business units to integrate security into digital transformation initiatives.

Executive Reporting: Present DLP strategies risks and performance metrics to the Director of Cybersecurity Engineering & Operations CISO and senior leadership translating technical details into business impacts.

2. DLP Platform Operations:

Policy Development and Enforcement: Define and enforce DLP policies to prevent unauthorized data exfiltration covering email web cloud and endpoint channels tailored to financial data (e.g. credit card numbers customer PII).

Data Classification: Implement manage and maintain the data classification and tagging systems to identify prioritize and protect sensitive assets ensuring compliance with GDPR PCI DSS and other regulations.

Monitoring and Incident Response: Oversee realtime monitoring of data flows using DLP tools integrated with SIEM platforms (e.g. Splunk) and lead rapid response to DLP incidents such as data leaks or policy violations.

Endpoint and Cloud Protection: Deploy and maintain DLP controls across endpoints (e.g. laptops mobile devices) and cloud platforms (e.g. AWS Azure Google Cloud and Oracle Cloud) to secure data in hybrid environments.

Performance Metrics: Establish and track KPIs (e.g. incident detection rates false positive rates policy violation resolution times) to measure DLP program effectiveness and compliance.

3. Technical Innovation and Automation:

Automation: Drive automation of DLP processes (e.g. policy enforcement incident triage) using scripting (e.g. Python PowerShell) and workflow tools to improve efficiency and reduce false positives.

AI and Analytics: Leverage AIdriven DLP analytics (e.g. behavioral analysis content inspection) to detect and prevent sophisticated data loss scenarios such as insider threats or targeted exfiltration.

Integration: Ensure seamless integration of DLP platforms with IAM systems (e.g. SailPoint CyberArk etc.) SIEM and financial systems (e.g. core banking payment gateways) to enhance visibility and control.

Tool Optimization: Continuously evaluate and optimize DLP tools and configurations to balance security performance and user experience in financial operations.

Continuous Improvement: Conduct regular program assessments and gap analyses to identify opportunities for optimization and innovation in data protection.

4. Compliance and Risk Management:

Regulatory Compliance: Ensure DLP practices meet financial regulations (e.g. PCI DSS GDPR SOX FFIEC NYDFS) through policy enforcement auditready reporting and regular risk assessments.

Risk Assessments: Conduct data risk assessments to identify and mitigate vulnerabilities such as unsecured data repositories or misconfigured cloud storage.

Vendor Management: Evaluate and manage relationships with DLP vendors (e.g. Symantec Microsoft) and Managed Security Service Providers (MSSPs) to ensure platform reliability and alignment with security goals.

Policy Development: Develop and maintain DLP policies standards and procedures in line with industry frameworks (e.g. NIST 80053 ISO 27001).

5. Team Management and Development:

Team Management: Lead mentor and develop a team of DLP engineers analysts and architects fostering a culture of innovation and accountability.

What You Will Bring

Minimum 8 years progressive experience in cybersecurity with at least 3 years in a technical leadership or managerial role overseeing DLP programs or data security operations.

3 years of experience in financial services with a strong understanding of financial data threats (e.g. data breaches fraud) and regulations (e.g. PCI DSS Korean SOX GDPR).

Handson experience designing and managing enterprisegrade DLP platforms (e.g. Symantec DLP Microsoft Purview etc.).

Proven track record of implementing data classification policy enforcement and incident response in complex regulated environments

Bachelors degree in computer science Information Security or related field; advanced degree preferred

At least one of the following: CISSP CISM CISA or equivalent. DLPspecific certifications (e.g. Certified DLP Professional) are a plus.

Knowledge of security frameworks such as NIST ISO 27001 and COBIT.

Technical leader with deep DLP expertise and the ability to drive innovation in data security and compliance.

Expertise in DLP platforms (e.g. Symantec DLP Microsoft Purview etc.) and data protection technologies (data classification encryption tokenization).

Proficiency in cloud security (AWS Azure Google Cloud Oracle Cloud) and securing data in hybrid environments.

Strong knowledge of SIEM integration (e.g. Splunk etc.) and data analytics for threat detection.

Experience with automation and scripting (e.g. Python PowerShell Bash) for DLP workflows.

Familiarity with financial systems (e.g. core banking platforms payment gateways) and their data security requirements.

Preferred

Experience with AIdriven DLP analytics or behavioral analysis tools for proactive data loss prevention.

Familiarity with IAM integration (e.g. SailPoint CyberArk) for comprehensive data security.

Knowledge of DevSecOps and secure software development lifecycles (SDLC) in financial applications.

Experience managing MSSP relationships for DLP support.

Understanding of emerging DLP trends such as cloudnative DLP or insider threat prevention.

Work Environment

Employees in this class are subject to extended periods of sitting standing and walking vision to monitor and moderate noise levels. Work is performed in an office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice at or before the point of collection about the categories of personal information to be collected from you the purposes for which your personal information is collected or used and whether that information is sold or shared so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018 as amended as amended by the California Privacy Rights Act of 2020 (CCPA).

If you have any questions about CCPA regarding California residents or HCA team members please contact the Privacy Team at .