Cybersecurity Governance, Risk, Compliance, Training - Boston, MA - USA

Job description
ABOUT WIND RIVER

Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. We help customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy.

The company's software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We've achieved recent 5G milestones including the world's first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a "Top Workplace" for ten consecutive years.

If you want to be part of a unique culture where experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us & help advance the future software defined world.

ABOUT THE OPPORTUNITY

We are hiring a Manager to lead the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST, SOX, GDPR, FedRAMP, CMMC and TISAX.

While the Director maintains strategic ownership of all four functional areas (GRC, TPRM, Training, and Resilience), this role will provide hands-on coverage for Wind River's TPRM and Training efforts, working closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day-to-day operations and enabling long-term scalability across the enterprise.

Key Responsibilities:

Governance, Risk & Compliance (GRC)
- Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
- Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
- Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
- Manage internal risk exceptions, maturity roadmaps, and control owners' engagement.
- Provide daily operational support to maintain compliance posture and support regulatory assessments.
- Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
- Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal.
- Maintain continuity playbooks, incident response records, and recovery planning materials.
- Provide execution support for Wind River's third-party risk assessments, evidence collection, and remediation tracking.
- Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners.
- Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts.
- Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
- Help coordinate Wind River's cybersecurity awareness campaigns, mandatory training compliance, and role-based content support.
- Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
- Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
- Coordinate audit response activities across control owners, internal SMEs, and external parties.
- Support cybersecurity onboarding and governance alignment for newly acquired companies.
- Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
- Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
- Support Director-led strategic initiatives through dependable execution and documentation follow-through.
- Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
- Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.
Qualifications:
- 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
- Experience managing or contributing to ISO 27001, NIST, SOX, GDPR, or TISAX efforts.
- Proficiency with GRC platforms and internal controls execution.
- Strong writing and documentation skills.
- Must reside in the Greater Boston area with the ability to be on site at least 3 days per week.
- United States citizenship required.
- Experience working in a multi-entity environment or during M&A integration.
- Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
- CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
- Strong stakeholder management and execution discipline across matrixed teams.
Benefits:
- Hybrid work model for workplace flexibility
- Comprehensive health, dental, and life insurance
- Short and long-term disability coverage
- RRSP matching for financial security
- Flexible time-off policies for work-life balance
- Employee assistance program for mental well-being
- Learning benefits, including a LinkedIn Learning subscription and seminars
Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.