
Manager, Information Security Risk Mgmt II in Newport Beach, CA at Hyundai Capital America

Date Posted: 4/10/2018

Job Description

General Summary
 
The Manager, Information Security Risk Mgmt II develops, manages, and supports internal/external risk assessment programs, vendor assessment programs, policy exceptions, and audit remediation execution. The Manager aligns InfoSec risk management activities with business objectives and risk tolerance; identifies and mitigates potential risks through threat analysis; and supports initiatives for HCA global standards and compliance. The person in this position will excel at building stakeholder partnerships, exercising sound judgment, and demonstrating learning agility.
 
Duties and Responsibilities
Lead the Cybersecurity regulatory programs and initiatives to support business objectives and manage risks to an acceptable level.
 
Assist with the execution of Risk Management initiatives (including Identity and Access Management, Vulnerability Management and Vendor Risk Management).
 
Develop and execute Risk Assessments and Analysis initiatives including the design and integration of solutions for risk assessments (internal or external assessments).
 
Develop and execute programs and processes to ensure compliance with the Global Governance Policy. Collaborate with global counterparts to ensure alignment.
 
Manage Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements and manage risks to an acceptable level.
 
Perform all other duties as assigned.
 
Knowledge and Skills
 
Knowledge of Information Risk Management and Compliance tasks (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and risk monitoring) and reporting.
 
Working knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000:2009, ISO 27005:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 150, 161).
 
Working knowledge of Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, Sarbanes Oxley Act (SOX), Payment Card Industry (PCI), or other related regulatory requirements.
 
Interdepartmental collaboration, orchestration of business requirement alignment, and business process mapping.
 
Excellent verbal and written communication skills with strong ability to present persuasive ideas.

Job Requirements

Education and Experience
 
Bachelor’s degree preferably in Computer Science, Information Security, IT, or other related area of study.
 
6 – 8 years of progressive experience in information security is required. 10 years of progressive experience in information technology/security overall is required.
 
CISSP, CISM, CISA, ITIL, or other related information security certification is required.
 
Project management experience and financial industry experience preferred.
 
Physical Requirements and Working Conditions
Employees in this class are subject to extended periods of sitting, standing and walking, vision to monitor, and moderate noise levels. Work is performed in an office environment.