Wind River
Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager
Wind River, Cupertino, California, United States, 95014
Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager
Join us at
Wind River
to make a meaningful impact in a mission‑critical environment.
About Wind River
Wind River is a global leader in delivering software for mission‑critical intelligent systems. For more than four decades the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.
Description
We are hiring a Manager to lead the day‑to‑day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual‑entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800‑171, SOX, GDPR, FedRamp, CMMC and TISAX.
Work closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. The role also supports OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding.
Key Responsibilities
Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
Maintain documentation, controls, and audit‑ready evidence for ISO 27001, NIST 800‑171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
Provide daily operational support to maintain compliance posture and support regulatory assessments.
Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
Coordinate resilience planning with cross‑functional partners including IT, Facilities, Cyber Defense, and Legal.
Maintain continuity playbooks, incident response records, and recovery planning materials.
Provide execution support for Wind River’s third‑party risk assessments, evidence collection, and remediation tracking.
Execute and drive enforcement of cybersecurity right‑to‑audit clauses with vendors and partners.
Review and provide redlines on cybersecurity and compliance sections of both buy‑side and sell‑side contracts.
Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role‑based content support.
Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
Coordinate audit response activities across control owners, internal SMEs, and external parties.
Support cybersecurity onboarding and governance alignment for newly acquired companies.
Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
Support Director‑led strategic initiatives through dependable execution and documentation follow‑through.
Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.
Required Qualifications
7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
Experience managing or contributing to ISO 27001, NIST 800‑171, SOX, GDPR, or TISAX efforts.
Proficiency with GRC platforms and internal controls execution.
Strong writing and documentation skills.
Must reside in Greater Boston area with ability to be present on site at least 3 days a week.
United States Citizenship required.
Preferred Qualifications
Experience working in a multi‑entity environment or during M&A integration.
Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
Strong stakeholder management and execution discipline across matrixed teams.
Benefits
Hybrid work model for workplace flexibility.
Comprehensive health, dental, and life insurance.
Short and long‑term disability coverage.
RRSP matching for financial security.
Flexible time‑off policies for work‑life balance.
Employee assistance program for mental well‑being.
Learning benefits, including a LinkedIn Learning subscription and seminars.
Applicant Privacy Notice Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice, which can be found
here .
Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Security Clearance Requirements Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. Candidates from specific countries may not be eligible.
#J-18808-Ljbffr
Wind River
to make a meaningful impact in a mission‑critical environment.
About Wind River
Wind River is a global leader in delivering software for mission‑critical intelligent systems. For more than four decades the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.
Description
We are hiring a Manager to lead the day‑to‑day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual‑entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800‑171, SOX, GDPR, FedRamp, CMMC and TISAX.
Work closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. The role also supports OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding.
Key Responsibilities
Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
Maintain documentation, controls, and audit‑ready evidence for ISO 27001, NIST 800‑171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
Provide daily operational support to maintain compliance posture and support regulatory assessments.
Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
Coordinate resilience planning with cross‑functional partners including IT, Facilities, Cyber Defense, and Legal.
Maintain continuity playbooks, incident response records, and recovery planning materials.
Provide execution support for Wind River’s third‑party risk assessments, evidence collection, and remediation tracking.
Execute and drive enforcement of cybersecurity right‑to‑audit clauses with vendors and partners.
Review and provide redlines on cybersecurity and compliance sections of both buy‑side and sell‑side contracts.
Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role‑based content support.
Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
Coordinate audit response activities across control owners, internal SMEs, and external parties.
Support cybersecurity onboarding and governance alignment for newly acquired companies.
Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
Support Director‑led strategic initiatives through dependable execution and documentation follow‑through.
Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.
Required Qualifications
7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
Experience managing or contributing to ISO 27001, NIST 800‑171, SOX, GDPR, or TISAX efforts.
Proficiency with GRC platforms and internal controls execution.
Strong writing and documentation skills.
Must reside in Greater Boston area with ability to be present on site at least 3 days a week.
United States Citizenship required.
Preferred Qualifications
Experience working in a multi‑entity environment or during M&A integration.
Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
Strong stakeholder management and execution discipline across matrixed teams.
Benefits
Hybrid work model for workplace flexibility.
Comprehensive health, dental, and life insurance.
Short and long‑term disability coverage.
RRSP matching for financial security.
Flexible time‑off policies for work‑life balance.
Employee assistance program for mental well‑being.
Learning benefits, including a LinkedIn Learning subscription and seminars.
Applicant Privacy Notice Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice, which can be found
here .
Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Security Clearance Requirements Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. Candidates from specific countries may not be eligible.
#J-18808-Ljbffr