Sr. Risk Operation Analyst - Integrated Risk Management "IRM"
Hyundai AutoEver America · Irvine, CA · 1 wk ago
Management$120k–$170k/yrFull-time
What You Will Be Doing
- Maintain and evolve the enterprise technology control library, ensuring alignment with internal policies, standards, and external frameworks (e.g., NIST CSF 2.0, ISO 27001, CIS).
- Own the lifecycle management of technology risk policies and standards, including updates, reviews, approvals, and communications.
- Ensure controls, policies, and standards are clearly mapped to regulatory, legal, and business requirements.
- Run and continuously improve core Risk Operations processes, including:
- Technology Risk Assessments (consistently assessing the inherent risk, control effectiveness within the environment)
- Risk Issue Management (identification, validation, remediation tracking, closure)
- Risk Exception Management (intake, assessment, approvals, renewals, expirations)
- Ensure risk processes are executed consistently, on time, and in accordance with defined methodologies.
- Act as a subject matter expert for risk process guidance to technology, security, and business teams.
- Design, build, and maintain risk dashboards and reporting that provide transparency into:
- Open risk issues and remediation status
- Exception volumes, aging, risk aggregation and trends
- Risk assessment outcomes and key risk indicators (KRIs)
- Translate risk data into meaningful insights for senior leadership, customers and risk committees.
- Ensure accuracy, completeness, and audit-readiness of risk data across systems.
- Partner closely with Customers, Senior and Executive Leaders, Legal and other groups, to drive timely remediation and risk ownership.
- Support internal and external audits, regulatory inquiries, and risk governance forums with clear documentation and reporting.
- Identify opportunities to streamline and automate risk operations workflows.
- Support enhancements to GRC and risk tooling, including requirements definition, testing, and adoption.
- Contribute to the maturation of the Integrated Risk Management operating model.
Basic Qualifications
- Experience: 7+ years of experience in Technology Risk, Cyber Risk, GRC, or IT Risk Management. Hands-on experience running technology risk assessments, issue management, exception processes and maintaining control libraries, policies, and standards. Familiarity with GRC platforms.
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
- Technical Expertise: Strong knowledge of technology control frameworks (e.g., NIST CSF/800-53, ISO 27001, CIS). Proven ability to create risk dashboards and executive-level reporting. Strong analytical, documentation, and process design skills.
- Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.
Preferred Qualifications
- Experience: Team leadership experience working within a CISO organization or large enterprise technology environment. Implementation or maintenance experience with GRC platforms. 5+yrs experience in a top tier professional services firm, performing technology audit and/or risk management engagements.
- Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer are highly desirable.
- Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.