Director, Cybersecurity Engineering & Operation

Who We Are

Through our service brands Hyundai Motor Finance Genesis Finance and Kia Finance Hyundai Capital America offers a wide range of financial products tailored to meet the needs of Hyundai Genesis and Kia customers and dealerships. We provide vehicle financing leasing subscription and insurance solutions to over 2 million consumers and businesses. Embodying our commitment to grow innovate and diversify we strive to reimagine the customer and dealer experience and launch innovative new products that broaden our market reach. We believe that success comes from within and are proud to support our team members through skill development and career advancement. Hyundai Capital America is an Equal Opportunity Employer committed to creating a diverse and inclusive culture for our workforce. We are a values-driven company dedicated to supporting both internal and external communities through volunteering philanthropy and the empowerment of our Employee Resource Groups. Together we strive to be the leader in financing freedom of movement.

We Take Care of Our People

Along with competitive pay as an employee of HCA you are eligible for the following benefits:

Medical Dental and Vision plans that include no-cost and low-cost plan options

Immediate 401(k) matching and vesting

Vehicle purchase and lease discounts plus monthly vehicle allowances

Paid Volunteer Time Off with company donation to a charity of your choice

Tuition reimbursement

What to Expect

The Director Cybersecurity Engineering & Operations will lead the design implementation and management of the organizations cybersecurity infrastructure and operations with a strong emphasis on IAM DLP Monitoring Threat Intelligence analysis and compliance with financial regulations (e.g. PCI DSS GDPR SOX FFIEC). This role will oversee a team of cybersecurity engineers and analysts manage 24/7 Security Operations Centers (SOCs) and collaborate with cross-functional teams to mitigate risks respond to incidents and ensure a proactive security posture.

What You Will Do

1. Strategic Planning and Leadership:

Develop and implement comprehensive cybersecurity strategies and solutions platform to safeguard HCAs company data.

Align security initiatives with business objectives and regulatory requirements.

Support the development and implementation of security controls and protocols.

Foster a culture of security awareness and continuous improvement.

Collaborate with HCA Information Protection Governance team in developing long-term strategies following the policies and IT Security Controls.

2. Cybersecurity Engineering:

Architecture and Design: Lead the development and implementation of secure scalable cybersecurity architectures including firewalls IDS/IPS SIEM systems endpoint protection and cloud security solutions.

Tool Integration: Oversee the integration of cybersecurity tools (e.g. Splunk CrowdStrike Palo Alto Networks etc.) with financial systems ensuring seamless operation across hybrid and multi-cloud environments.

Automation and Innovation: Drive the adoption of AI-driven threat detection automation and orchestration to enhance efficiency and reduce response times for cyber threats.

3. Security Operations:

SOC Leadership: Manage 24/7 SOC operations ensuring effective monitoring threat detection incident response and threat hunting to protect against sophisticated attacks (e.g. ransomware phishing insider threats).

Incident Response: Support the development and execution of incident response plans coordinating with internal teams and external partners (e.g. MSSPs law enforcement) during cyber incidents. Conduct post-incident analysis to identify root causes and improve response strategies. Communicate effectively with senior leadership during and after incidents.

Threat Intelligence: Leverage threat intelligence platforms to proactively identify and mitigate financial-specific threats such as fraud or account takeover.

Vulnerability Management: Develop and maintain programs for identifying assessing and remediating vulnerabilities across networks applications and endpoints.

Performance Metrics: Establish and monitor KPIs (e.g. Mean Time to Detect Mean Time to Resolve) to ensure SOC efficiency and continuous improvement.

4. Identity and Access Management (IAM):

IAM Strategy: Design and implement a comprehensive IAM framework to secure access to financial systems customer data and employee accounts aligning with zero-trust principles.

Access Controls: Oversee role-based access control (RBAC) multi-factor authentication (MFA) and privileged access management (PAM) solutions (e.g. SailPoint CyberArk Active Directory etc.).

Identity Governance: Manage identity lifecycle processes including provisioning de-provisioning and regular access reviews to ensure compliance with Korean SOX GDPR and PCI DSS.

Single Sign-On (SSO): Implement and maintain SSO solutions to streamline user experience while maintaining security across financial platforms and cloud services.

5. Data Loss Prevention (DLP):

DLP Program Development: Build and manage a robust DLP program to protect sensitive financial data (e.g. PII payment card data intellectual property) across endpoints networks and cloud environments.

Policy Enforcement: Define and enforce DLP policies using tools like Symantec DLP or Microsoft Purview to prevent unauthorized data exfiltration.

Data Classification: Implement and maintain data classification and tagging systems to identify and prioritize sensitive assets ensuring compliance with regulatory requirements.

Monitoring and Response: Oversee real-time monitoring of data flows and rapid response to DLP incidents integrating with SIEM and incident response workflows.

6. Compliance and Risk Management:

Regulatory Compliance: Ensure cybersecurity practices meet financial regulations (e.g. PCI DSS GDPR Korean SOX FFIEC NYDFS etc.) through audits documentation and reporting.

Risk Assessments: Support regular risk assessments and penetration testing to identify and mitigate vulnerabilities in financial systems and third-party integrations.

Vendor Management: Evaluate and manage relationships with Managed Security Service Providers (MSSPs) and other vendors to align with organizational security goals.

Policy Development: Partner with Information Protection Governance team to develop and update cybersecurity policies standards and procedures to align with industry best practices (e.g. NIST ISO 27001).

7. Team Management and Development:

Team Management: Lead mentor and develop a team of cybersecurity engineers analysts and architects fostering a culture of innovation and accountability.

Cross-Functional Collaboration: Partner with IT Infrastructure IT Applications DevOps Legal and Data Privacy Information Protection Governance and business units to integrate security into digital transformation initiatives.

Executive Communication: Present cybersecurity strategies risks and metrics to the CISO CIO VP of Infrastructure Technology & Cybersecurity Operations and board of Sr. Executives translating technical concepts into business impacts.

Budget Oversight: Manage the cybersecurity budget optimize investments in tools training and MSSP partnerships to maximize ROI.

What You Will Bring

10 years of progressive experience in cybersecurity with at least 5 years in a leadership role (e.g. Director Senior Manager) overseeing engineering and operations.

5 years of experience in financial services with a deep understanding of financial threats (e.g. fraud data breaches) and regulations (e.g. PCI DSS SOX GDPR).

Knowledge of security frameworks such as NIST ISO 27001 and COBIT

Bachelors degree in Computer Science Information Cybersecurity Information Technology or related field; Masters degree or MBA preferred

Certifications such as CISSP CISM CRISC CGEIT CISA and ITIL are highly desirable.

Proven strategic leader with deep technical expertise a proven track record in financial services and the ability to align cybersecurity initiatives with business objectives.

Expertise in SIEM (e.g. Splunk) EDR (e.g. CrowdStrike) and network security tools (e.g. Palo Alto).

Proficiency in cloud security (AWS Azure Google Cloud Oracle Cloud) and zero-trust architecture.

Strong knowledge of IAM frameworks (RBAC MFA PAM) and DLP technologies (data classification policy enforcement).

Experience with automation and scripting (e.g. Python PowerShell) for security orchestration.

Demonstrated ability to lead and inspire high-performing teams in high-pressure environments.

Excellent communication skills to engage technical and non-technical stakeholders including board-level presentations.

Strategic thinker with the ability to align cybersecurity initiatives with business goals.

Strong understanding of financial regulatory frameworks and cybersecurity best practices.

Work Environment

Employees in this class are subject to extended periods of sitting standing and walking vision to monitor and moderate noise levels. Work is performed in an office environment.

The posted salary range for this job takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; geographic location and other business and organizational needs. Successful candidates may be hired anywhere in the salary range based on these factors. It is uncommon to hire candidates at or near the top of the range.

California Privacy Notice

This notice only applies to our applicants who reside in the State of California.

The latest version of our Privacy Policy can be found here. This Privacy Policy provides you with notice at or before the point of collection about the categories of personal information to be collected from you the purposes for which your personal information is collected or used and whether that information is sold or shared so that you can exercise meaningful control over our use of your personal information. We are providing this notice to comply with the California Consumer Privacy Act of 2018 as amended as amended by the California Privacy Rights Act of 2020 (CCPA).

If you have any questions about CCPA regarding California residents or HCA team members please contact the Privacy Team at .