Apply on Employer Site

Aptiv · 2 weeks ago

Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

Boston, MA - USA

Full-time

Hybrid

Mid, Senior Level

$120K/yr - $180K/yr

7+ years exp

Wind River is a global leader in delivering software for mission-critical intelligent systems. The company is seeking a Manager to lead the execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv, ensuring regulatory compliance and risk management across multiple frameworks.

AutomotiveAutonomous VehiclesElectric VehicleRide SharingSoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness

Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise

Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity

Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement

Provide daily operational support to maintain compliance posture and support regulatory assessments

Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises

Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal

Maintain continuity playbooks, incident response records, and recovery planning materials

Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking

Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners

Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts

Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies

Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support

Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews

Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests

Coordinate audit response activities across control owners, internal SMEs, and external parties

Support cybersecurity onboarding and governance alignment for newly acquired companies

Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration

Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity

Support Director-led strategic initiatives through dependable execution and documentation follow-through

Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress

Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps

Qualification

Cybersecurity GovernanceRisk ManagementCompliance AuditingISO 27001NIST 800-171SOXGDPRTISAXGRC PlatformsStakeholder ManagementExecution DisciplineCybersecurity AwarenessMulti-Entity ExperienceCISA CertificationCISSP CertificationCISM CertificationISO Lead AuditorWriting Skills