Wind River is hiring: Senior Cybersecurity Risk & Compliance Associate in Alamed

Senior Cybersecurity Risk & Compliance Associate Position at Wind River About Wind River Wind River is a global leader in delivering software for mission‑critical intelligent systems. For more than four decades the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. Wind River serves automotive, aerospace, defense, industrial, medical, and telecommunications industries, helping customers solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world, including NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. Recent 5G milestones include the world’s first successful 5G data session with Verizon and the building of one of the largest Open RAN networks worldwide with Vodafone. The company has received industry recognition for technological innovation and leadership, and for its workplace culture, with global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture built on growth mindset, customer focus, and diversity, equity, inclusion & belonging, come join us and help shape the future, software‑defined world. About the Opportunity We are hiring a professional to support and help lead the Wind River Risk & Compliance function. The primary focus is maintaining our ISO 27001 certification and supporting our obligations on NIST 800‑171. The right candidate will work across Governance Risk and Compliance (GRC) and Third‑Party Risk Management (TPRM), bring structure to our processes, and help stabilize and scale the function. Key Responsibilities Regulatory & Standards Support Contribute to all ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance. Support NIST 800‑171 compliance efforts, including maintaining System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments. Have working knowledge and ability to support GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI related compliance; be able to learn future certification and regulatory requirements. Assist in engagement with government compliance stakeholders and maintain awareness of requirements. Risk & Compliance Operations, Governance Risk and Compliance (GRC) and Third‑Party Risk Management (TPRM) Maintain the Wind River Risk Register and track mitigation progress across all functional areas. Coordinate the Security Exception process, ensuring proper documentation, approvals, and governance. Manage vendor assessments, reviews, remediation follow‑up, and monitoring. Write and update policy and standards and provide governance, oversight, and assurance. Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit‑ready. Ability to use ServiceNow and AuditBoard risk management products is an advantage. Audit & Customer Response Prepare audit documentation and assist with responses for internal and external audits. Draft and maintain clear, consistent, and audit‑ready documentation, including policies, control responses, and program updates. Support customer assurance efforts related to ISO, NIST, and general cyber compliance. Lead internal audits and assessments against Wind River. Program Execution & Scalability Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management. Assist in developing compliance procedures, checklists, and review frameworks. Support workflows for User Access Reviews (UAR), TPRM, and continuous monitoring. Collaboration Work cross‑functionally with Aptiv Cybersecurity, IT, Legal, HR, and Engineering across Aptiv, HellermannTyton, Winchester, and Intercable. Support communication and coordination with external auditors and internal stakeholders (including Primary Security Officer, Aptiv Legal, WR and Aptiv leadership). Support Cybersecurity Training at Wind River. Required Qualifications 5+ years of cybersecurity, compliance, or GRC experience. Familiarity with ISO 27001, NIST 800‑171, and enterprise GRC operations. Strong writing skills, with experience contributing to SSPs and POA&Ms. Working knowledge of ZenGRC or similar tools. Demonstrated ability to work across matrixed teams. Experience with customer audit responses and regulatory compliance. U.S. citizenship required due to regulatory requirements. Must be a local resident (or willing to relocate to) Alameda, CA or Boston, MA and agree to being on site three days per week in the office. Preferred Qualifications Experience supporting government‑mandated compliance frameworks. Involvement in ISO 27001 recertification efforts or similar standards. Experience with third‑party risk tools (e.g., BlueVoyant, BitSight). Familiarity with Wind River or embedded systems companies is a plus. Why This Role Matters Wind River’s ability to operate in national security and critical infrastructure markets depends on strong cybersecurity governance. This role helps ensure we maintain our certifications, deliver on regulatory and contractual obligations, and support internal and external stakeholders with confidence. It also balances workloads spread across teams, positioning the function for long‑term stability. Applicant Privacy Notice Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice. EEO Statement Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation, or any other legally protected status. Benefits Hybrid work model for workplace flexibility. Comprehensive health, dental, and life insurance. Short and long‑term disability coverage. RRSP matching for financial security. Flexible time‑off policies for work‑life balance. Employee assistance program for mental well‑being. Learning benefits, including a LinkedIn Learning subscription and seminars. Security Clearance Requirements Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. In particular, candidates with certain citizenship may not be able to perform such fundamental job duties. Currently, this includes citizens of Belarus; Burma; China; Cuba; Iran; North Korea; Syria; Venezuela; Afghanistan; Cambodia; Central African Republic; Cyprus; Democratic Republic of Congo; Ethiopia; Eritrea; Haiti; Iraq; Lebanon; Libya; Russia; Somalia; South Sudan; Sudan; Zimbabwe. The security clearance process may take a significant amount of time to complete, and any offer of employment will be contingent on the candidate’s legal ability to perform the fundamental job duties. Wind River is committed to meeting its obligations to candidates under applicable human rights law and privacy law in this regard. Compensation The annual base salary range for this role’s listed grade level is currently $100,000 to $130,000 plus a bonus for Boston, MA residents, and $110,000 to $140,000 plus a bonus for SF Bay Area residents. Salary ranges are determined through interviews and a review of the education, experience, knowledge, skills, location, and abilities of the applicant, and equity with other team members. Employees in this role are also eligible for the following benefits in accordance with the terms of the Company’s plans: health, dental, vision insurance, life insurance, flex time off, eligibility to enroll in 401k, and 12 paid holidays. Additional Information Referrals increase your chances of interviewing at Wind River by 2x. #J-18808-Ljbffr