Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

About The Position

Requirements

• 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
• Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
• Proficiency with GRC platforms and internal controls execution.
• Strong writing and documentation skills.
• Must reside in Greater Boston area with ability to be present on site at least 3 days/weekly.
• United States Citizenship required

Nice To Haves

• Experience working in a multi-entity environment or during M&A integration.
• Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
• CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
• Strong stakeholder management and execution discipline across matrixed teams.

Responsibilities

• Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
• Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
• Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
• Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
• Provide daily operational support to maintain compliance posture and support regulatory assessments.
• Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
• Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal.
• Maintain continuity playbooks, incident response records, and recovery planning materials.
• Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking.
• Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners.
• Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts.
• Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
• Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support.
• Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
• Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
• Coordinate audit response activities across control owners, internal SMEs, and external parties.
• Support cybersecurity onboarding and governance alignment for newly acquired companies.
• Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
• Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
• Support Director-led strategic initiatives through dependable execution and documentation follow-through.
• Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
• Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.

Benefits

• Hybrid work model for workplace flexibility
• Comprehensive health, dental, and life insurance
• Short and long-term disability coverage
• RRSP matching for financial security
• Flexible time-off policies for work-life balance
• Employee assistance program for mental well-being
• Learning benefits, including a LinkedIn Learning subscription and seminars