Wind River
Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager
Wind River, Boston, Massachusetts, US, 02298
Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. We help customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world.

About The Opportunity
We are hiring a Manager to lead the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRAMP, CMMC and TISAX.

Key Responsibilities
Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River.
Administer GRC tooling, ensuring accuracy, auditability, and workflow continuity.
Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
Provide daily operational support to maintain compliance posture and support regulatory assessments.

Required Qualifications
7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
Proficiency with GRC platforms and internal controls execution.
Strong writing and documentation skills.
Must reside in the Greater Boston area, with the ability to be present on site at least 3 days per week.
United States citizenship required.

Preferred Qualifications
Experience working in a multi-entity environment or during M&A integration.
Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
Strong stakeholder management and execution discipline across matrixed teams.

Benefits
Hybrid work model for workplace flexibility
Comprehensive health, dental, and life insurance
Short and long-term disability coverage
RRSP matching for financial security
Flexible time-off policies for work-life balance
Employee assistance program for mental well-being
Learning benefits, including a LinkedIn Learning subscription and seminars

Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.