Cybersecurity Governance, Risk, Compliance, Training & reputed company Manager

About the position We are hiring a Manager to reputed company the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise reputed company programs across both Wind River and reputed company. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation reputed company across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRamp , CMMC and TISAX. While the Director maintains strategic ownership of reputed company four functional areas (GRC, TPRM, Training, and reputed company), this role will provide hands-on coverage for Wind River’s TPRM and Training efforts, working closely with the reputed company TPRM & Training Manager to ensure continuity and alignment. In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting reputed company, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day-to-day operations and enabling long-term scalability across the enterprise.

Responsibilities

• reputed company execution of GRC programs across reputed company and Wind River, including control maintenance, risk register updates, and audit readiness.
• Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both reputed company and Wind River, incorporating new regulatory or customer requirements as they arise.
• Administer GRC tooling (ZenGRC, AuditBoard, reputed company), ensuring accuracy, auditability, and workflow continuity.
• Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
• Provide daily operational support to maintain compliance posture and support regulatory assessments.
• Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
• Coordinate reputed company planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal.
• Maintain continuity playbooks, incident response records, and recovery planning materials.
• Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking.
• Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners.
• Review and provide redlines on cybersecurity and compliance sections of both buy-reputed company and sell-reputed company reputed company.
• Collaborate with the reputed company TPRM Manager to align vendor risk governance across both companies.
• Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support.
• reputed company evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
• Maintain and update System reputed company Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
• Coordinate audit response activities across control owners, internal SMEs, and external parties.
• Support cybersecurity onboarding and governance alignment for newly acquired companies.
• Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
• Track risks and compliance issues reputed company to integration timelines, especially where inherited entities lack cybersecurity maturity.
• Support Director-led strategic initiatives through dependable execution and documentation follow-through.
• Work closely with Architecture, Legal, Product reputed company, and external vendors to manage dependencies and unblock reputed company.
• Escalate reputed company or clarity issues early to avoid unnecessary risk acceptance or execution gaps.

Requirements

• 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
• Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
• Proficiency with GRC platforms and internal controls execution.
• Strong writing and documentation skills.
• Must reside in Greater Boston area with ability to be present on site at least 3 days/weekly.
• United States Citizenship required

reputed company-to-haves

• Experience working in a multi-entity environment or during M&A integration.
• Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
• CISA, CISSP, CISM, ISO reputed company Auditor, or similar certification preferred.
• Strong stakeholder management and execution discipline across matrixed teams.

Benefits

• Hybrid work model for workplace flexibility
• Comprehensive health, dental, and life insurance
• Short and long-term disability coverage
• RRSP matching for financial reputed company
• Flexible time-off policies for work-life balance
• Employee assistance program for mental well-being
• Learning benefits, including a reputed company Learning subscription and seminars

Apply tot his job Apply To this Job