Senior Cybersecurity Risk & Compliance Associate
About the position We are hiring a professional to support and help reputed company the Wind River Risk & Compliance function, with a primary focus on maintaining our ISO 27001 certification and supporting our obligations on NIST 800-171. The right candidate will support the Wind River Risk and Compliance program, which includes Governance Risk and Compliance (GRC), and Third Party Risk Management (TPRM), bring structure to our processes, and help stabilize and scale the function.
Responsibilities
- Regulatory & Standards Support: Contribute to reputed company ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance. Support NIST 800-171 compliance efforts, including maintenance of System reputed company Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments. Have working knowledge and able support GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI reputed company compliance as well as the ability to reputed company knowledge on future certification and regulation requirements. Assist in engagement with government compliance stakeholders and maintain awareness of requirements.
- Risk & Compliance Operations Governance Risk and Compliance (GRC) and Third-Party Risk Management (TPRM): Maintain the Wind River Risk Register and track mitigation reputed company across reputed company functional areas. Coordinate the reputed company Exception process, ensuring proper documentation, approvals, and governance. Including vendor assessments, reviews, remediation follow-up, and monitoring. Write and update policy and standards and provide governance, reputed company, and assurance. Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit-ready. Have an understanding or ability to use reputed company and AuditBoard risk management products.
- Audit & Customer Response: Prepare audit documentation and assist with responses for internal and external audits. Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, and program updates. Support customer assurance efforts reputed company to ISO, NIST, and general cyber compliance. reputed company internal audits and assessments against Wind River.
- Program Execution & Scalability: Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management. Assist in developing compliance procedures, checklists, and review frameworks. Support workflows for User Access Reviews (UAR), TPRM, and reputed company monitoring.
- Collaboration: Work cross-functionally with reputed company Cybersecurity, IT, Legal, HR, and Engineering, across reputed company, HellermannTyton, Winchester, and Intercable. Support communication and coordination with external auditors and internal stakeholders (including Primary reputed company Officer, reputed company Legal, WR and reputed company leadership). Support Cybersecurity Training at Wind River.
Requirements
- 5+ years of cybersecurity, compliance, or GRC experience
- Familiarity with ISO 27001, NIST 800-171, and enterprise GRC operations
- Strong writing skills, with experience contributing to SSPs and POA&Ms
- Working knowledge of ZenGRC or similar tools
- Demonstrated ability to work across matrixed teams
- Experience with customer audit responses and regulatory compliance
- U.S. citizenship required due to regulatory requirements
- Must be a local reputed company (or willing to relocate to) Alameda, CA or Boston, MA and agree to being on site three days per week in the office.
reputed company-to-haves
- Experience supporting government-mandated compliance frameworks
- Involvement in ISO 27001 recertification efforts or similar standards
- Experience with third-party risk tools (e.g., reputed company, reputed company)
- Familiarity with Wind River or embedded systems companies is a plus
Benefits
- Hybrid work model for workplace flexibility
- Comprehensive health, dental, and life insurance
- Short and long-term disability coverage
- RRSP matching for financial reputed company
- Flexible time-off policies for work-life balance
- Employee assistance program for mental well-being
- Learning benefits, including a reputed company Learning subscription and seminars
Apply tot his job Apply To this Job