CrawlJobs Logo

Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

United States, Boston 120000.00 - 180000.00 USD / Year · Job Posted February 19, 2026
Apply Position
Job Link Share

Job Description

We are hiring a Manager to lead the day-to-day execution of cybersecurity Governance, Risk & Compliance (GRC) and enterprise resilience programs across both Wind River and Aptiv. This dual-entity role will serve as a key operational leader, ensuring regulatory compliance, audit readiness, risk tracking, and documentation integrity across multiple frameworks including ISO 27001, NIST 800-171, SOX, GDPR, FedRamp, CMMC and TISAX. While the Director maintains strategic ownership of all four functional areas (GRC, TPRM, Training, and Resilience), this role will provide hands-on coverage for Wind River’s TPRM and Training efforts, working closely with the Aptiv TPRM & Training Manager to ensure continuity and alignment. In addition, this role will own GRC workstreams supporting OneAptiv integration, directly supporting Aptiv, Wind River, and other OneAptiv companies as needed, including TSA execution and M&A onboarding. This position is critical to stabilizing day-to-day operations and enabling long-term scalability across the enterprise.

Job Responsibility

  • Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness
  • Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise
  • Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity
  • Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement
  • Provide daily operational support to maintain compliance posture and support regulatory assessments
  • Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises
  • Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal
  • Maintain continuity playbooks, incident response records, and recovery planning materials
  • Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking
  • Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners
  • Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts
  • Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies
  • Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support
  • Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews
  • Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests
  • Coordinate audit response activities across control owners, internal SMEs, and external parties
  • Support cybersecurity onboarding and governance alignment for newly acquired companies
  • Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration
  • Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity
  • Support Director-led strategic initiatives through dependable execution and documentation follow-through
  • Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress
  • Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps

Requirements

  • 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience
  • Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts
  • Proficiency with GRC platforms and internal controls execution
  • Strong writing and documentation skills
  • Must reside in Greater Boston area with ability to be present on site at least 3 days/weekly
  • United States Citizenship required

Nice to have

  • Experience working in a multi-entity environment or during M&A integration
  • Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns
  • CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred
  • Strong stakeholder management and execution discipline across matrixed teams

What we offer

  • Hybrid work model for workplace flexibility
  • Comprehensive health, dental, and life insurance
  • Short and long-term disability coverage
  • RRSP matching for financial security
  • Flexible time-off policies for work-life balance
  • Employee assistance program for mental well-being
  • Learning benefits, including a LinkedIn Learning subscription and seminars

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Cybersecurity Governance, Risk, Compliance, Training & Resilience Manager

8 matching positions

SOC Manager

Sopra Steria offers tailored, end-to-end corporate technology and software solut...
Location
Location
Belgium , Libin
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 7 years of experience in cybersecurity operations, including SOC or incident response
  • At least 3 years in a leadership or management role within a SOC environment
  • Hands-on experience with SIEM, SOAR, EDR, threat detection, and incident response workflows
  • Strong understanding of SOC operations, including processes, SLAs, escalation models, and reporting
  • Experience working in regulated or large enterprise environments
  • Proven people management skills, including coaching and performance management
  • Excellent communication skills, with the ability to translate technical issues into clear, actionable insights
  • Structured and process-oriented mindset with a focus on operational excellence
  • Ability to remain calm and make effective decisions under pressure
  • Fluent in English, both written and spoken
Job Responsibility
Job Responsibility
  • Lead daily Security Operations Center (SOC) activities across Tier 1–3 analysts and SOC engineers
  • Ensure 24/7 operational coverage, effective workload distribution, and adherence to SLAs
  • Oversee the full incident lifecycle, including detection, triage, escalation, and response governance
  • Maintain and continuously improve SOC procedures, playbooks, and key performance indicators (KPIs)
  • Ensure high quality, consistency, and accuracy in alert handling and incident reporting
  • Manage, coach, and develop SOC analysts and engineers
  • Define performance objectives, conduct regular evaluations, and support career progression
  • Design and implement training and continuous improvement plans to enhance SOC maturity
  • Foster a high-performing, resilient, and engaged team culture
  • Own the operational onboarding and offboarding of SOC clients and services
What we offer
What we offer
  • Mobility options (including a company car)
  • Insurance coverage
  • Meal vouchers
  • Eco-cheques
  • Continuous learning opportunities through the Sopra Steria Academy
  • The opportunity to connect with fellow Sopra Steria colleagues at various team events
  • Fulltime
Read More
Arrow Right

Cybersecurity Director

Reporting to the Senior Director of IT, the Director of Cybersecurity is respons...
Location
Location
Canada , Saint-Augustin-de-Desmaures
Salary
Salary:
Not provided
leclerc.ca Logo
Biscuits Leclerc Ltd
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in IT engineering or a related discipline
  • 12 to 15 years in similar roles, ideally in a manufacturing environment
  • Deep technical expertise in security technologies, protocols, operating systems, databases, and networks (on-premise and cloud)
  • Mastery of protection tools: firewalls, antivirus, access management systems, monitoring solutions
  • Management, communication, and crisis management skills
  • Ability to withstand stress and effectively coordinate teams during a cyberattack
  • Strategic leadership to challenge internal practices and improve overall security posture
  • Ability to lead audits, penetration tests, and simulations to strengthen security
  • Professional certifications are an asset: CISSP, CISM, CEH, ITIL
Job Responsibility
Job Responsibility
  • Define and lead the company's overall cybersecurity strategy, in alignment with IT objectives and top management
  • Implement the necessary tools, processes, and policies to protect critical data, systems, and infrastructures
  • Provide security and governance expertise across all areas of the company by advising management and employees
  • Strengthen organizational resilience against cyber threats through concrete actions and proactive communication
  • Develop defense plans approved by management, including required financial investments
  • Monitor and present performance indicators to demonstrate risk management and reassure management
  • Maintain a culture of digital security by implementing ongoing training and awareness initiatives
  • Supervise internal and external teams dedicated to information systems security
  • Cover all aspects of cybersecurity: prevention, detection, response, compliance, and awareness
  • Define and centralize IT defense solutions, ensuring their deployment within deadlines and budgets
What we offer
What we offer
  • Paid and adapted training
  • Complete benefits program (drug and dental insurance, 1 week of sick leave, telemedicine, group RRSP with employer participation)
  • Quality meals at low prices in the cafeteria (unlimited coffee, tea, cookies and bars)
  • Free use of the sports facilities (basketball court, training room and cardio room)
  • Savings on products and exclusive novelties
  • Job security and opportunities for advancement
  • Rich company culture (Christmas, birthday and maternity gifts, use of the Poka platform)
  • Excellent salary and benefits
  • Fulltime
Read More
Arrow Right

Ai Security Architect

We are currently seeking a AI Security Architect to join our team in Bangalore o...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity architecture with proven experience securing large-scale LLM deployments and multi-agent workflows
  • Hands-on capability with agent frameworks (e.g., LangChain, LangGraph, AutoGen) and MLOps platforms
  • Deep familiarity with model risk management principles and AI security standards
Job Responsibility
Job Responsibility
  • Defining security architecture and implementing robust security controls for AI/ML systems and their underlying platforms
  • Serving as the team’s technical mentor and architecture authority, driving secure-by-design patterns across the AI/ML lifecycle (data, training, evaluation, deployment, and production monitoring)
  • Proactively mitigating AI-specific threats such as model integrity risks, data poisoning, adversarial attacks, prompt injection, model extraction, and inference-time abuse
  • Leading technically, setting standards, and guiding engineers day-to-day through architecture, reviews, and delivery
  • Ensuring AI systems are secure, compliant, and resilient by implementing data protection, threat detection, guardrails, and ongoing risk monitoring across the AI lifecycle
  • Agent Security: Define strict Role-Based Access Control (RBAC) and least-privilege models for AI agents
  • Design runtime environments with restricted permissions
  • Implement defenses against adversarial attacks, prompt injections, jailbreaking, and sensitive data leakage (DLP) across agent workflows
  • Observability & Monitoring: Architect logging and monitoring standards for decision traceability
  • Monitor models and prompt templates for behavioral drift, anomalies, and attacks
  • Fulltime
Read More
Arrow Right

Head of Operational Resilience Management

The Head of Operational Resilience Management will be responsible for developing...
Location
Location
United States , NEW YORK
Salary
Salary:
200000.00 - 250000.00 USD / Year
credit-agricole.com Logo
Crédit Agricole
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor Degree / BSc Degree or equivalent
  • Minimum 10+ years of experience in information security or related field
  • At least 3 years of experience in a senior leadership role within the banking or financial services industry
  • Incident Management: Ability to analyze, prioritize, and manage security incidents effectively
  • Strategic Thinking: Ability to align cyber risk initiatives with business objectives
  • Communication and Documentation: Strong ensure thorough documentation and clear communications over security operations activities
  • Leadership and Team Management: Proven track record of building and leading high performing teams
  • Regulatory Compliance: Expertise in navigating banking regulations
  • Industry Thought Leadership: Recognized as a subject matter expert in the cybersecurity or risk management space
  • Technical Knowledge: Strong knowledge with information security technologies such as vulnerability scanning tools, and threat intelligence tools, etc.
Job Responsibility
Job Responsibility
  • Develop and implement a comprehensive operational and cyber resiliency strategy aligned with regulatory requirements and industry standards
  • Define resilience objectives, key risk indicators (KRIs), key performance indicators (KPIs), key control indicators (KCIs) and other relevant metrics to measure the effectiveness of resiliency programs
  • Collaborate with senior leadership to embed resilience principles into business and technology processes
  • Stay ahead of emerging risks, regulatory changes, and threat landscapes to refine and enhance resilience strategies
  • Oversee the development and execution of the bank’s incident management framework, ensuring rapid response and recovery from information security and technology incidents
  • Lead and design tabletop exercises and simulations to test cyber incident response and business recovery capabilities
  • Coordinate with internal and external stakeholders (e.g., regulators, law enforcement, third-party service providers) during cyber events
  • Ensure integration of cyber resilience into broader enterprise risk management and IT security functions
  • Develop and maintain enterprise-wide business continuity and disaster recovery plans, ensuring readiness to sustain critical business operations during disruptions
  • Conduct regular BC/DR testing, audits, and training sessions to validate effectiveness and improve preparedness
  • Fulltime
Read More
Arrow Right

Global Chief Information Security Officer

The Global Chief Information Security Officer (GCISO) will lead Allied Universal...
Location
Location
United States , Irvine
Salary
Salary:
275000.00 - 350000.00 USD / Year
aus.com Logo
Allied Universal®
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field
  • Minimum of fifteen (15) years of progressive experience in cybersecurity
  • Minimum of seven (7) years in a senior management role in an information security function
  • Experience in managing, responding to, and mitigating cyber incidents
  • Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements
  • Hands-on cyber incident response coordination and oversight experience
  • Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.)
  • Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance
  • Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges
  • Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams
Job Responsibility
Job Responsibility
  • Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal's business objectives
  • Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company's diverse global operations
  • Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions
  • Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement
  • Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities
  • Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts
  • Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value
  • Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies
  • Coordinate, develop, and implement programs designed to train Allied Universal's workforce regarding the company's cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats
  • Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company's cybersecurity posture as appropriate
What we offer
What we offer
  • Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance
  • Eight paid holidays annually, five sick days, and four personal days
  • Executive Flex Vacation Plan
  • Fulltime
Read More
Arrow Right

Global Chief Information Security Officer

The Global Chief Information Security Officer (GCISO) will lead Allied Universal...
Location
Location
United States , Irvine
Salary
Salary:
275000.00 - 350000.00 USD / Year
aus.com Logo
Allied Universal®
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in computer science, Information Technology, cybersecurity, or a related field
  • Minimum of fifteen (15) years of progressive experience in cybersecurity
  • Minimum of seven (7) years in a senior management role in an information security function
  • Experience in managing, responding to, and mitigating cyber incidents
  • Experience or familiarity with government contracting and public and private company cybersecurity reporting requirements
  • Hands-on cyber incident response coordination and oversight experience
  • Expertise in risk-based frameworks (NIST CSF, ISO 27001, SOC 2, CMMC, NIST 800-171) and familiarity with applicable regulatory regimes (SEC, GDPR, state breach laws, etc.)
  • Proven ability to engage with CEO, Board of Directors, and Executive Team on cybersecurity strategy and governance
  • Ability to operate effectively as both strategist and practitioner, a player-coach who drives global cybersecurity direction while engaging hands-on to guide, mentor, and resolve complex technical and operational challenges
  • Strong leadership skills as well as the ability to work and communicate (verbal, written, and interpersonal) effectively with other leadership and their teams
Job Responsibility
Job Responsibility
  • Develop and execute a global, risk-based cybersecurity strategy and program aligned with Allied Universal's business objectives
  • Establish, communicate, and oversee governance of enterprise-wide cybersecurity policies, standards, and controls that are appropriate for the company's diverse global operations
  • Lead, mentor and manage Regional Cybersecurity Leaders to promote consistency, accountability, and operational effectiveness across all regions
  • Define and monitor key risk indicators, cybersecurity metrics, and maturity objectives to inform executive decision-making and drive ongoing program improvement
  • Oversee global monitoring, detection, and response capabilities that provide 24×7 visibility into potential cyber risks and support timely containment activities
  • Identify and assess emerging threats, technologies, and vulnerabilities to support informed planning and risk mitigation efforts
  • Provide recommendations regarding cybersecurity investments and resource allocation, helping prioritize efforts based on risk, business impact, and value
  • Foster a culture of cybersecurity awareness, ownership, and accountability across all functions and geographies
  • Coordinate, develop, and implement programs designed to train Allied Universal's workforce regarding the company's cybersecurity requirements, including applicable cybersecurity laws and requirements and responding to evolving cybersecurity threats
  • Evaluate emerging threats and vulnerabilities, driving continuous improvement of the company's cybersecurity posture as appropriate
What we offer
What we offer
  • Medical, dental, vision, supplemental income plan with a company match, basic life, AD&D, and disability insurance
  • Eight paid holidays annually, five sick days, and four personal days
  • Executive Flex Vacation Plan
  • annual bonus
  • equity package
  • Fulltime
Read More
Arrow Right

Information Security Officer

Klohn Crippen Berger is seeking an experienced and strategic Information Securit...
Location
Location
Canada , Vancouver
Salary
Salary:
110000.00 - 130000.00 CAD / Year
klohn.com Logo
Klohn Crippen Berger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or Master’s degree in Computer Science, Information Security, Business Administration, or a related field
  • Minimum 7 years of experience in cybersecurity or information risk management, including 5 years in a leadership role
  • Relevant certifications (e.g., CISSP, CISM, or similar) are considered an asset
  • Strong knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements
  • Strong knowledge of cybersecurity technologies, identity and access management, network security, and cloud security (e.g., Azure, AWS)
  • Deep understanding of secure software development lifecycles, data classification, and regulatory compliance
  • Experience leading teams and managing performance, development, and recruitment
  • Ability to manage multiple priorities in a fast-paced, evolving environment
  • Strong communication skills with the ability to translate complex security topics into business impact terms for technical and non-technical stakeholders
  • Proven ability to handle sensitive, complex, and confidential matters with sound judgment and discretion
Job Responsibility
Job Responsibility
  • Lead the development and execution of KCB’s cybersecurity strategy and operating model
  • Oversee security governance, including policies, standards, and compliance activities
  • Design and deliver cybersecurity awareness and training programs
  • Identify vulnerabilities through regular risk assessments and audits, and implement mitigation plans across infrastructure, applications, and cloud services
  • Identify, assess, and report on cybersecurity, IT, and regulatory risks to information assets
  • Establish and maintain security policies, standards, and procedures to comply with applicable frameworks such as ISO/IEC 27001, NIST, and GDPR
  • Establish resilience standards aligned with enterprise risk and business continuity objectives
  • Lead second-line assurance functions, including audits and control effectiveness reviews
  • Direct and coordinate incident detection and response procedures, including investigation, escalation, remediation, and post-mortem analysis
  • Develop and manage incident response and recovery plans to ensure business continuity
What we offer
What we offer
  • Hybrid work opportunities
  • Annual performance and salary review
  • Vacation policy that aligns with your experience
  • Flexible benefits, including Registered Savings Plan, social, and mental well-being initiatives
  • Commitment to global Environmental Social Governance standards
Read More
Arrow Right

Chief Information Security Officer

Location
Location
Egypt , New Cairo
Salary
Salary:
Not provided
ethicshr.com Logo
Ethics HR
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s/Master’s degree in Information Security, Computer Science, Engineering, or related field from a reputable university
  • 12-15+ years of progressive experience in information security, cybersecurity, or technology risk roles, preferably in banking or financial services
  • Strong knowledge of Central Bank of Egypt cybersecurity frameworks, digital banking guidelines, and financial-sector regulations
  • Deep understanding of security technology, network security, IAM, application security, and SOC operations
  • Experience overseeing incident response, security architecture, and enterprise-wide risk management
  • Professional certifications preferred (CISSP, CISM, CRISC, CCSP or equivalent)
  • Strong knowledge of international standards like ISO 27001/27002 and global best practices for financial data protection
  • Strong leadership, communication, and stakeholder management skills with the ability to influence senior executives and steer enterprise-level decisions
Job Responsibility
Job Responsibility
  • Define and execute the bank’s enterprise information security strategy in alignment with the business and regulatory requirements
  • Establish security governance frameworks, policies, and standards across all technology and business functions
  • Oversee cybersecurity programs including threat detection, incident response, vulnerability management, and security operations
  • Lead enterprise-wide technology risk management, ensuring effective identification, assessment, and mitigation of risks
  • Ensure full compliance with Central Bank of Egypt cybersecurity mandates, digital banking requirements, and data protection regulations
  • Develop and manage the Cloud Security Architecture (e.g., AWS, Azure) strategy, ensuring secure configuration and compliance for all digital infrastructure
  • Establish Security Metrics and Key Risk Indicators (KRIs) for regular reporting to the Board and Executive Committee, demonstrating the effectiveness of the security program
  • Implement and govern API Security standards and best practices to protect data exchange within the digital ecosystem and external partners
  • Formally manage and sign off on outsourcing security agreements (third-party risk) to meet specific CBE requirements for external service providers
  • Coordinate internal and external audits, penetration tests, and security assessments
Read More
Arrow Right