Jobs · Management · California

Sr. Risk Operation Analyst - Integrated Risk Management "IRM"

Hyundai AutoEver America · Irvine, CA · 1 wk ago
Management$120k–$170k/yrFull-time

What You Will Be Doing

  • Maintain and evolve the enterprise technology control library, ensuring alignment with internal policies, standards, and external frameworks (e.g., NIST CSF 2.0, ISO 27001, CIS).
  • Own the lifecycle management of technology risk policies and standards, including updates, reviews, approvals, and communications.
  • Ensure controls, policies, and standards are clearly mapped to regulatory, legal, and business requirements.
  • Run and continuously improve core Risk Operations processes, including:
    • Technology Risk Assessments (consistently assessing the inherent risk, control effectiveness within the environment)
    • Risk Issue Management (identification, validation, remediation tracking, closure)
    • Risk Exception Management (intake, assessment, approvals, renewals, expirations)
  • Ensure risk processes are executed consistently, on time, and in accordance with defined methodologies.
  • Act as a subject matter expert for risk process guidance to technology, security, and business teams.
  • Design, build, and maintain risk dashboards and reporting that provide transparency into:
    • Open risk issues and remediation status
    • Exception volumes, aging, risk aggregation and trends
    • Risk assessment outcomes and key risk indicators (KRIs)
  • Translate risk data into meaningful insights for senior leadership, customers and risk committees.
  • Ensure accuracy, completeness, and audit-readiness of risk data across systems.
  • Partner closely with Customers, Senior and Executive Leaders, Legal and other groups, to drive timely remediation and risk ownership.
  • Support internal and external audits, regulatory inquiries, and risk governance forums with clear documentation and reporting.
  • Identify opportunities to streamline and automate risk operations workflows.
  • Support enhancements to GRC and risk tooling, including requirements definition, testing, and adoption.
  • Contribute to the maturation of the Integrated Risk Management operating model.

Basic Qualifications

  • Experience: 7+ years of experience in Technology Risk, Cyber Risk, GRC, or IT Risk Management. Hands-on experience running technology risk assessments, issue management, exception processes and maintaining control libraries, policies, and standards. Familiarity with GRC platforms.
  • Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
  • Technical Expertise: Strong knowledge of technology control frameworks (e.g., NIST CSF/800-53, ISO 27001, CIS). Proven ability to create risk dashboards and executive-level reporting. Strong analytical, documentation, and process design skills.
  • Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.

Preferred Qualifications

  • Experience: Team leadership experience working within a CISO organization or large enterprise technology environment. Implementation or maintenance experience with GRC platforms. 5+yrs experience in a top tier professional services firm, performing technology audit and/or risk management engagements.
  • Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer are highly desirable.
  • Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

Similar jobs

Sr Risk Analyst

Phillips 66Houston, TX· 5 days ago
Finance$140k–$172k/yrapply on careers.phillips66.com

Sr Risk Analyst

CrunchyrollDallas, TX· 3 wk ago
Information Technologyapply on boards.greenhouse.io