Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

United States, Boston 120000.00 - 180000.00 USD / Year · Job Posted February 19, 2026

Job Description

We are hiring a Manager to lead the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRAMP, CMMC and TISAX. While the Director maintains strategic ownership of all four functional areas (GRC, TPRM, Training, and Resilience), this role will provide hands-on coverage for Wind River’s TPRM and Training efforts, working closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day-to-day operations and enabling long-term scalability across the enterprise.

Job Responsibility

  • Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness
  • Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise
  • Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity
  • Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement
  • Provide daily operational support to maintain compliance posture and support regulatory assessments
  • Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises
  • Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal
  • Maintain continuity playbooks, incident response records, and recovery planning materials
  • Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking
  • Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners
  • Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts
  • Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies
  • Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support
  • Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews
  • Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests
  • Coordinate audit response activities across control owners, internal SMEs, and external parties
  • Support cybersecurity onboarding and governance alignment for newly acquired companies
  • Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration
  • Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity
  • Support Director-led strategic initiatives through dependable execution and documentation follow-through
  • Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress
  • Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps

Requirements

  • 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience
  • Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts
  • Proficiency with GRC platforms and internal controls execution
  • Strong writing and documentation skills
  • Must reside in the Greater Boston area, with the ability to be present on site at least 3 days per week
  • United States Citizenship required

Nice to have

  • Experience working in a multi-entity environment or during M&A integration
  • Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns
  • CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred
  • Strong stakeholder management and execution discipline across matrixed teams

What we offer

  • Hybrid work model for workplace flexibility
  • Comprehensive health, dental, and life insurance
  • Short and long-term disability coverage
  • RRSP matching for financial security
  • Flexible time-off policies for work-life balance
  • Employee assistance program for mental well-being
  • Learning benefits, including a LinkedIn Learning subscription and seminars

Similar Jobs for Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

8 matching positions

Global Chief Information Security Officer

The Global Chief Information Security Officer (GCISO) will lead Allied Universal...
Allied Universal®
Location: United States, Irvine
Salary: 275000.00 - 350000.00 USD / Year
Expiration Date: Until further notice

Requirements

  • Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field
  • Minimum of fifteen (15) years of progressive experience in cybersecurity
  • Minimum of seven (7) years in a senior management role in an information security function
  • Experience in managing, responding to, and mitigating cyber incidents
  • Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements
  • Hands-on cyber incident response coordination and oversight experience
  • Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.)
  • Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance
  • Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges
  • Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams

Job Responsibility

  • Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal's business objectives
  • Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company's diverse global operations
  • Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions
  • Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement
  • Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities
  • Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts
  • Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value
  • Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies
  • Coordinate, develop, and implement programs designed to train Allied Universal's workforce regarding the company's cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats
  • Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company's cybersecurity posture as appropriate

What we offer

  • Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance
  • Eight paid holidays annually, five sick days, and four personal days
  • Executive Flex Vacation Plan
  • Annual bonus
  • Equity package
  • Fulltime

Vice President - Information Technology and Cyber Risk Management

The Vice President, Information Technology and Cyber Risk Management (ITCRM) pos...
Crédit Agricole
Location: United States Of America, NEW YORK NY OR ISELIN NJ
Salary: 150000.00 - 185000.00 USD / Year
Expiration Date: Until further notice

Requirements

  • College Degree BA/BS
  • 5+ years of experience with oversight responsibilities in Operational Risk, Information Technology, Cybersecurity and/or Operational Resilience within a 2nd Line of Defence function such as Risk Management or Compliance OR 8-15 years of experience in risk related functions such as 1st line Governance Risk, and Compliance (GRC) or 3rd Line Internal Audit functions focused on Information Technology, Cyber Security, and/or Operational Resilience
  • Certified in Risk and Information Systems Control (CRISC)
  • Regulatory experience
  • Detail-oriented, articulate, and possessing good communication skills
  • Excellent Analytical Skills
  • Resourceful in identifying, following up and resolving issues
  • Strong team spirit and work ethic
  • Strong written and verbal communication skills
  • Ability to collaborate across the organization and manage relationships

Job Responsibility

  • Oversee and provide effective challenge of First Line of Defence implementation of enterprise and operational risk management frameworks for ICT Risks
  • Monitor Key Risk, Key Performance, and Key Control Indicators for Information and Communications Technology across all business units, aggregate reporting to Risk Committees and escalate any breaches of established tolerances and thresholds
  • Support regulatory exams by preparing materials, responding to regulatory inquiries, and presenting on continuous monitoring sessions to regulators
  • Perform analysis on quarterly reports from various US operations and create consolidated quarterly risk reports on ICT Risk to be presented at various risk committees
  • Manage issues across the issue management lifecycle
  • Monitor regulatory rule changes and conduct training and awareness sessions as needed to business leaders across the 1st line
  • Collaborate with other Risk Management functions to identify top and emerging risks to ensure appropriate visibility of the evolving landscape within Information and Communications Technology
  • Fulltime

Head of Operational Resilience Management

The Head of Operational Resilience Management will be responsible for developing...
Crédit Agricole
Location: United States, NEW YORK
Salary: 200000.00 - 250000.00 USD / Year
Expiration Date: Until further notice

Requirements

  • Bachelor Degree / BSc Degree or equivalent
  • Minimum 10+ years of experience in information security or related field
  • At least 3 years of experience in a senior leadership role within the banking or financial services industry
  • Incident Management: Ability to analyze, prioritize, and manage security incidents effectively
  • Strategic Thinking: Ability to align cyber risk initiatives with business objectives
  • Communication and Documentation: Strong ensure thorough documentation and clear communications over security operations activities
  • Leadership and Team Management: Proven track record of building and leading high performing teams
  • Regulatory Compliance: Expertise in navigating banking regulations
  • Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space
  • Technical Knowledge: Strong knowledge of information security technologies such as vulnerability scanning tools, threat intelligence tools, etc.

Job Responsibility

  • Develop and implement a comprehensive operational and cyber resiliency strategy aligned with regulatory requirements and industry standards
  • Define resilience objectives, key risk indicators (KRIs), key performance indicators (KPIs), key control indicators (KCIs) and other relevant metrics to measure the effectiveness of resiliency programs
  • Collaborate with senior leadership to embed resilience principles into business and technology processes
  • Stay ahead of emerging risks, regulatory changes, and threat landscapes to refine and enhance resilience strategies
  • Oversee the development and execution of the bank’s incident management framework, ensuring rapid response and recovery from information security and technology incidents
  • Lead and design tabletop exercises and simulations to test cyber incident response and business recovery capabilities
  • Coordinate with internal and external stakeholders (e.g., regulators, law enforcement, third-party service providers) during cyber events
  • Ensure integration of cyber resilience into broader enterprise risk management and IT security functions
  • Develop and maintain enterprise-wide business continuity and disaster recovery plans, ensuring readiness to sustain critical business operations during disruptions
  • Conduct regular BC/DR testing, audits, and training sessions to validate effectiveness and improve preparedness
  • Fulltime

Security GRC Analyst

Juni is seeking a Security GRC (Governance, Risk, and Compliance) Analyst to pla...
Juni
Location: Sweden, Stockholm; Gothenburg
Salary: Not provided
Expiration Date: Until further notice

Requirements

  • 2 to 4 years of experience in information security governance, risk, or compliance roles
  • Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA)
  • Degree in Cybersecurity or Information Systems or similar
  • Knowledge of security frameworks (e.g., CIS Controls, NIST CSF)
  • Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management
  • Experience in coordinating activities for security certifications and audits
  • Ability to develop and track security metrics (KPIs)
  • Strong analytical, problem-solving, and organisational skills
  • Excellent communication skills, comfortable presenting to various stakeholders
  • A proactive and independent worker who is also a strong team player

Job Responsibility

  • Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant
  • Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders
  • Maintain the risk register and support daily risk management activities with growing independence
  • Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives
  • Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones
  • Support our 3rd party procurement process
  • Monitor the implementation and effectiveness of security controls across the organisation
  • Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001
  • Coordinate and support the implementation of remediation plans to address identified compliance gaps
  • Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals

What we offer

  • Work hybrid
  • Meet all Junis IRL at the company onsite each year
  • Diversity is at our core
  • Progress your career whether you choose to manage people or not
  • Stock options
  • Vacation 30 days
  • Private Health insurance
  • Beautiful offices in central Gothenburg and Stockholm, front row sea view
  • Fulltime

Information Security Officer

Klohn Crippen Berger is seeking an experienced and strategic Information Securit...
Klohn Crippen Berger
Location: Canada, Vancouver
Salary: 110000.00 - 130000.00 CAD / Year
Expiration Date: Until further notice

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Business Administration, or a related field
  • Minimum 7 years of experience in cybersecurity or information risk management, including 5 years in a leadership role
  • Relevant certifications (e.g., CISSP, CISM, or similar) are considered an asset
  • Strong knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements
  • Strong knowledge of cybersecurity technologies, identity and access management, network security, and cloud security (e.g., Azure, AWS)
  • Deep understanding of secure software development lifecycles, data classification, and regulatory compliance
  • Experience leading teams and managing performance, development, and recruitment
  • Ability to manage multiple priorities in a fast-paced, evolving environment
  • Strong communication skills with the ability to translate complex security topics into business impact terms for technical and non-technical stakeholders
  • Proven ability to handle sensitive, complex, and confidential matters with sound judgment and discretion

Job Responsibility

  • Lead the development and execution of KCB’s cybersecurity strategy and operating model
  • Oversee security governance, including policies, standards, and compliance activities
  • Design and deliver cybersecurity awareness and training programs
  • Identify vulnerabilities through regular risk assessments and audits, and implement mitigation plans across infrastructure, applications, and cloud services
  • Identify, assess, and report on cybersecurity, IT, and regulatory risks to information assets
  • Establish and maintain security policies, standards, and procedures to comply with applicable frameworks such as ISO/IEC 27001, NIST, and GDPR
  • Establish resilience standards aligned with enterprise risk and business continuity objectives
  • Lead second-line assurance functions, including audits and control effectiveness reviews
  • Direct and coordinate incident detection and response procedures, including investigation, escalation, remediation, and post-mortem analysis
  • Develop and manage incident response and recovery plans to ensure business continuity

What we offer

  • Hybrid work opportunities
  • Annual performance and salary review
  • Vacation policy that aligns with your experience
  • Flexible benefits, including Registered Savings Plan, social, and mental well-being initiatives
  • Commitment to global Environmental Social Governance standards

Director of Information Security

Join Brandeis University as Director of Information Security. Brandeis Universit...
Brandeis University
Location: United States, Waltham
Salary: 160000.00 - 174800.00 USD / Year
Expiration Date: Until further notice

Requirements

  • Bachelor’s degree required
  • Master’s preferred
  • 8+ years of information security experience
  • 3–5 years in supervisory roles
  • Expertise in cybersecurity frameworks (NIST, CIS), compliance requirements, risk management, and incident response
  • Strong communication and collaboration skills across technical and non-technical stakeholders
  • Discretion, sound judgment, and the ability to balance mission and security priorities

Job Responsibility

  • Lead the Information Security Program: Develop, implement, and manage policies, governance, and risk management programs that protect the university’s digital assets and data
  • Drive Cybersecurity Operations & Resilience: Monitor threats, manage vulnerabilities, and oversee incident response and business continuity planning
  • Ensure Compliance & Vendor Security: Support regulatory adherence (FERPA, GLBA, federal research mandates) and manage third-party risk assessments
  • Engage Campus Partners: Advise leadership, faculty, researchers, and staff on security risks, emerging threats, and mitigation strategies
  • Promote Security Awareness: Build a culture of cybersecurity through training, outreach, and community engagement
  • Fulltime

GRC Engineer

Ethics HR
Location: Egypt, New Cairo
Salary: Not provided
Expiration Date: Until further notice

Requirements

  • Bachelor’s degree in engineering, Computer Science, Cyber Security, or any related field from a reputable university
  • Preferably have one of the following certifications: CCNA Security, CompTIA Security +, CISA, ISA27001
  • Fluency in Arabic and English
  • Fresh graduates with a cybersecurity-related certificate, up to 1 year of experience in information security
  • Ability to: Identify systemic security issues based on the analysis of vulnerability and configuration data
  • Answer questions in a clear and concise manner
  • Ask clarifying questions
  • Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
  • Design valid and reliable assessments
  • Apply critical reading/thinking skills

Job Responsibility

  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
  • Plan and conduct security authorization reviews and assurance case development for new and existing installation of systems and networks to confirm that risk is within acceptable limits
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
  • Verify and update security documentation reflecting the application/system security design features
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers)
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc
  • Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals