Job Details

Wind River Systems

Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

IT & Security • Cupertino, California

About Wind River

Wind River is a global leader in delivering software for mission‑critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability. We help customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company's software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We've achieved recent 5G milestones including the world's first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where experience is based on our cultural attributes of growth mindset, customer‑focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software‑defined world.

About the Opportunity

We are hiring a Manager to lead the day‑to‑day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual‑entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRamp, CMMC and TISAX. While the Director maintains strategic ownership of all four functional areas (GRC, TPRM, Training, and Resilience), this role will provide hands‑on coverage for Wind River's TPRM and Training efforts, working closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day‑to‑day operations and enabling long‑term scalability across the enterprise.

Key Responsibilities

• Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
• Maintain documentation, controls, and audit‑ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC, and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
• Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
• Manage internal risk exceptions, maturity roadmaps, and control owners' engagement.
• Provide daily operational support to maintain compliance posture and support regulatory assessments.
• Own documentation and execution for business impact assessments, continuity planning, and tabletop exercises.
• Coordinate resilience planning with cross‑functional partners including IT, Facilities, Cyber Defense, and Legal.
• Maintain continuity playbooks, incident response records, and recovery planning materials.
• Provide execution support for Wind River's third‑party risk assessments, evidence collection, and remediation tracking.
• Execute and drive enforcement of cybersecurity right‑to‑audit clauses with vendors and partners.
• Review and provide redlines on cybersecurity and compliance sections of both buy‑side and sell‑side contracts.
• Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
• Help coordinate Wind River's cybersecurity awareness campaigns, mandatory training compliance, and role‑based content support.
• Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
• Maintain and update System Security Plans, Plans of Action & Milestones, and customer documentation requests.
• Coordinate audit response activities across control owners, internal SMEs, and external parties.
• Support cybersecurity onboarding and governance alignment for newly acquired companies.
• Assist with Transitional Services Agreements by managing control design, evidence preparation, and GRC tooling integration.
• Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
• Support Director‑led strategic initiatives through dependable execution and documentation follow‑through.
• Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
• Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.

Required Qualifications

• 10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
• Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
• Proficiency with GRC platforms and internal controls execution.
• Strong writing and documentation skills.
• Must reside in Greater Boston area with ability to be present on site at least 3 days per week.
• United States Citizenship required.

Preferred Qualifications

• Experience working in a multi‑entity environment or during M&A integration.
• Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
• CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
• Strong stakeholder management and execution discipline across matrixed teams.

Benefits

• Hybrid work model for workplace flexibility.
• Comprehensive health, dental, and life insurance.
• Short and long‑term disability coverage.
• RRSP matching for financial security.
• Flexible time‑off policies for work‑life balance.
• Employee assistance program for mental well‑being.
• Learning benefits, including a LinkedIn Learning subscription and seminars.

Security Clearance Requirements

Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. In particular, candidates with certain citizenship may not be able to perform such fundamental job duties. Currently, this includes citizens of the following countries: Belarus, Burma, China, Cuba, Iran, North Korea, Syria, Venezuela, Afghanistan, Cambodia, Central African Republic, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iraq, Lebanon, Libya, Russia, Somalia, South Sudan, Sudan, Zimbabwe. The security clearance process may take a significant amount of time to complete, and any offer of employment will be contingent on the candidate's legal ability to perform the fundamental job duties. Wind River is committed to meeting its obligations to candidates under applicable human rights law and privacy law in this regard.

Applicant Privacy Notice

Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice, which can be found here.

Join us at Wind River, where we're not just shaping technology; we're shaping the future of a safer, more connected world. Your journey to make a meaningful impact begins here.

PI280352067