Description

We are hiring a Manager to lead the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRamp, CMMC and TISAX.

While the Director maintains strategic ownership of all four functional areas (GRC, TPRM, Training, and Resilience), this role will provide hands-on coverage for Wind River’s TPRM and Training efforts, working closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment.

In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day-to-day operations and enabling long-term scalability across the enterprise.

Key Responsibilities:

Governance, Risk & Compliance (GRC)

• Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
• Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
• Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
• Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
• Provide daily operational support to maintain compliance posture and support regulatory assessments.

Enterprise Resilience

• Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
• Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal.
• Maintain continuity playbooks, incident response records, and recovery planning materials.

Wind River Support: TPRM & Training

• Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking.
• Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners.
• Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts.
• Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
• Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support.

Audit & Assurance

• Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
• Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
• Coordinate audit response activities across control owners, internal SMEs, and external parties.

OneAptiv Integration & M&A Execution

• Support cybersecurity onboarding and governance alignment for newly acquired companies.
• Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
• Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.

Cross-Functional Delivery

• Support Director-led strategic initiatives through dependable execution and documentation follow-through.
• Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
• Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.

Required Qualifications:

• 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
• Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
• Proficiency with GRC platforms and internal controls execution.
• Strong writing and documentation skills.
• Must reside in Greater Boston area with ability to be present on site at least 3 days/weekly. 
• United States Citizenship required 

Preferred Qualifications:

• Experience working in a multi-entity environment or during M&A integration.
• Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
• CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
• Strong stakeholder management and execution discipline across matrixed teams.

• Hybrid work model for workplace flexibility 
• Comprehensive health, dental, and life insurance 
• Short and long-term disability coverage 
• RRSP matching for financial security 
• Flexible time-off policies for work-life balance 
• Employee assistance program for mental well-being 
• Learning benefits, including a LinkedIn Learning subscription and seminars