Senior Analyst, Cybersecurity Risk & Compliance

1 Month ago • 5 Years + • Cyber Security • $100,000 PA - $140,000 PA

Job Summary

Job Description

The Senior Analyst, Cybersecurity Risk & Compliance will lead and support the Wind River Risk & Compliance function. This includes maintaining ISO 27001 certification and supporting obligations on NIST 800-171, including Governance Risk and Compliance (GRC) and Third Party Risk Management (TPRM). The role involves contributing to all ISO 27001 activities, supporting NIST 800-171 compliance efforts, and assisting in engagement with government compliance stakeholders. Furthermore, the role will be responsible for maintaining the Wind River Risk Register, coordinating the Security Exception process, and administering GRC/TPRM tooling. Additional responsibilities include preparing audit documentation, supporting customer assurance efforts, and implementing scalable governance processes.
Must have:
  • 5+ years of cybersecurity, compliance, or GRC experience.
  • Familiarity with ISO 27001, NIST 800-171 and GRC operations.
  • Strong writing skills, experience contributing to SSPs and POA&Ms.
  • Working knowledge of ZenGRC or similar tools.
  • Demonstrated ability to work across matrixed teams.
  • Experience with customer audit responses and regulatory compliance.
  • U.S. citizenship required.
Good to have:
  • Experience supporting government-mandated compliance frameworks.
  • Involvement in ISO 27001 recertification efforts or similar standards.
  • Experience with third-party risk tools.
  • Familiarity with Wind River or embedded systems companies.
Perks:
  • health, dental, vision insurance
  • life insurance
  • flex time off
  • eligibility to enroll in 401k
  • 12 paid holidays

Job Details

Description

Position at Wind River

Position Title: Senior Analyst, Cybersecurity Risk & Compliance (Hybrid)

Reports To: Director of Aptiv and Wind River Cybersecurity Risk, Compliance & Resilience

 Overview:

We are hiring a professional to support and help lead the Wind River Risk & Compliance function, with a primary focus on maintaining our ISO 27001 certification and supporting our obligations on NIST 800-171. The right candidate will support the Wind River Risk and Compliance program, which includes Governance Risk and Compliance (GRC), and Third Party Risk Management (TPRM), bring structure to our processes, and help stabilize and scale the function.

 

Key Responsibilities:

 

Regulatory & Standards Support:

  • Contribute to all ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance.
  • Support NIST 800-171 compliance efforts, including maintenance of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments.
  • Have working knowledge and able support GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI related compliance as well as the ability to gain knowledge on future certification and regulation requirements.
  • Assist in engagement with government compliance stakeholders and maintain awareness of requirements.

 

Risk & Compliance Operations Governance Risk and Compliance (GRC) and Third-Party Risk Management (TPRM):

  • Maintain the Wind River Risk Register and track mitigation progress across all functional areas.
  • Coordinate the Security Exception process, ensuring proper documentation, approvals, and governance.
  • Including vendor assessments, reviews, remediation follow-up, and monitoring.
  • Write and update policy and standards and provide governance, oversight, and assurance.
  • Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit-ready. Have an understanding or ability to use ServiceNow and AuditBoard risk management products.

 

Audit & Customer Response:

  • Prepare audit documentation and assist with responses for internal and external audits.
  • Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, and program updates.
  • Support customer assurance efforts related to ISO, NIST, and general cyber compliance.
  • Lead internal audits and assessments against Wind River.

 

Program Execution & Scalability:

  • Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management.
  • Assist in developing compliance procedures, checklists, and review frameworks.
  • Support workflows for User Access Reviews (UAR), TPRM, and continuous monitoring.

 

Collaboration:

  • Work cross-functionally with Aptiv Cybersecurity, IT, Legal, HR, and Engineering, across Aptiv, HellermannTyton, Winchester, and Intercable.
  • Support communication and coordination with external auditors and internal stakeholders (including Primary Security Officer, Aptiv Legal, WR and Aptiv leadership).
  • Support Cybersecurity Training at Wind River.

 

Required Qualifications:

  • 5+ years of cybersecurity, compliance, or GRC experience
  • Familiarity with ISO 27001, NIST 800-171, and enterprise GRC operations
  • Strong writing skills, with experience contributing to SSPs and POA&Ms
  • Working knowledge of ZenGRC or similar tools
  • Demonstrated ability to work across matrixed teams
  • Experience with customer audit responses and regulatory compliance
  • U.S. citizenship required due to regulatory requirements
  • Must be a local resident (or willing to relocate to) Alameda, CA or Boston, MA and agree to being on site three days per week in the office. 

 

Preferred Qualifications:

  • Experience supporting government-mandated compliance frameworks
  • Involvement in ISO 27001 recertification efforts or similar standards
  • Experience with third-party risk tools (e.g., BlueVoyant, BitSight)
  • Familiarity with Wind River or embedded systems companies is a plus

 

Why This Role Matters:

Wind River's ability to operate in national security and critical infrastructure markets depends on strong cybersecurity governance. This role helps ensure we maintain our certifications, deliver on regulatory and contractual obligations, and support internal and external stakeholders with confidence. It also supports balancing workloads currently spread across teams and positions the function for long-term stability.

Join us at Wind River, where we're not just shaping technology; we're shaping the future of a safer, more connected world. Your journey to make a meaningful impact begins here.   
 
APPLICANT PRIVACY NOTICE:  
Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice, which can be found here.   
Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Compensation 
The annual base salary range for this role’s listed grade level is currently $100,000 to $130,00 plus a bonus for Boston, MA residents, and $110,000 to $140,000 plus a bonus for SF Bay Area residents. Salary ranges are determined through interviews and a review of the education, experience, knowledge, skills, location, and abilities of the applicant, and equity with other team members. Employees in this role are also eligible for the following benefits in accordance with the terms of the Company's plans: health, dental, vision insurance, life insurance, flex time off, eligibility to enroll in 401k, and 12 paid holidays.
 #LI-JP1

 

Similar Jobs

PwC - Manager, Risk Management

PwC

Bangkok, Bangkok, Thailand (On-Site)
8 Months ago
bytedance - Music Product Counsel - Global Legal

bytedance

Seattle, Washington, United States (On-Site)
7 Months ago
GoTo Group - IT Auditor Associate

GoTo Group

Jakarta, Jakarta, Indonesia (On-Site)
3 Months ago
Haleon - CMO Procurement Lead, ISC

Haleon

Gurugram, Haryana, India (On-Site)
2 Weeks ago
Interactive Brokers - Regulatory Correspondence Counsel

Interactive Brokers

Washington, District Of Columbia, United States (Hybrid)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

TransUnion - Account Director - Banking

TransUnion

United Kingdom (Remote)
1 Month ago
PwC - Senior Auditor - Napoli [ADT]

PwC

Naples, Florida, United States (On-Site)
8 Months ago
Razer - Senior Financial Analyst

Razer

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)
1 Week ago
Reddit - Senior Site Reliability Engineer

Reddit

London, England, United Kingdom (On-Site)
1 Month ago
Springer Group - Head Of Procurement Operations

Springer Group

London, England, United Kingdom (Hybrid)
6 Days ago
Mercury - Senior Product Manager - Account Fraud

Mercury

San Francisco, California, United States (On-Site)
1 Month ago
PwC - Experienced Associate - Financial Risk Management

PwC

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)
8 Months ago
bounteous - Java Developer

bounteous

Montreal, Quebec, Canada (Hybrid)
1 Month ago
PwC - Associate - Business & Risk Consulting

PwC

Karachi, Sindh, Pakistan (On-Site)
8 Months ago
PwC - Asistente de Auditoria

PwC

Santo Domingo, Distrito Nacional, Dominican Republic (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Boston, Massachusetts, United States

skillz - Senior Web Full Stack Engineer

skillz

Las Vegas, Nevada, United States (On-Site)
3 Weeks ago
London stock Exchange - Senior Research Specialist, Weather

London stock Exchange

Chicago, Illinois, United States (Hybrid)
4 Weeks ago
Alation - Cybersecurity Engineer

Alation

Redwood City, California, United States (Hybrid)
1 Month ago
AppLovin - Principal Total Rewards Consultant

AppLovin

Palo Alto, California, United States (Hybrid)
1 Month ago
Glocomms - Director, Application Security Architecture

Glocomms

Tampa, Florida, United States (Hybrid)
1 Month ago
WebMD - Implementation Manager

WebMD

Newark, New Jersey, United States (On-Site)
1 Month ago
HCL Tech - Senior Automation Tester with selenium, Java

HCL Tech

Illinois, United States (On-Site)
1 Month ago
Postman - Senior Product Manager, API Collaboration

Postman

New York, New York, United States (Hybrid)
1 Month ago
Zenoti - Billing and Collections Intern

Zenoti

Seattle, Washington, United States (On-Site)
1 Week ago
HP - Channel Sales Enablement

HP

Texas, United States (On-Site)
1 Week ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Chennai, Tamil Nadu, India (On-Site)

Bengaluru, Karnataka, India (On-Site)

Walnut Creek, California, United States (Remote)

Walnut Creek, California, United States (On-Site)

New York, United States (Hybrid)

Ottawa, Ontario, Canada (On-Site)

Galați, Județul Galați, Romania (On-Site)

View All Jobs

Get notified when new jobs are added by Wind River

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug