
Senior Analyst, Cybersecurity Risk & Compliance

Alameda, CA

Order: 19587
Temp


Key Responsibilities:

 

Regulatory & Standards Support:

  • Contribute to all ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance.

  • Support NIST 800-171 compliance efforts, including maintenance of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments.

  • Have working knowledge of, and be able to support, GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI-related compliance, with the ability to learn future certification and regulatory requirements.

  • Assist in engagement with government compliance stakeholders and maintain awareness of requirements.

 

Risk & Compliance Operations, Governance, Risk and Compliance (GRC), and Third-Party Risk Management (TPRM):

  • Maintain the Wind River Risk Register and track mitigation progress across all functional areas.

  • Coordinate the Security Exception process, ensuring proper documentation, approvals, and governance.

  • Support the TPRM program, including vendor assessments, reviews, remediation follow-up, and monitoring.

  • Write and update policy and standards and provide governance, oversight, and assurance.

  • Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit-ready; have an understanding of, or the ability to use, the ServiceNow and AuditBoard risk management products.

 

Audit & Customer Response:

  • Prepare audit documentation and assist with responses for internal and external audits.

  • Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, and program updates.

  • Support customer assurance efforts related to ISO, NIST, and general cyber compliance.

  • Lead internal audits and assessments of Wind River.

 

Program Execution & Scalability:

  • Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management.

  • Assist in developing compliance procedures, checklists, and review frameworks.

  • Support workflows for User Access Reviews (UAR), TPRM, and continuous monitoring.

 

Collaboration:

  • Work cross-functionally with Aptiv Cybersecurity, IT, Legal, HR, and Engineering, across Aptiv, HellermannTyton, Winchester, and Intercable.

  • Support communication and coordination with external auditors and internal stakeholders (including the Primary Security Officer, Aptiv Legal, and WR and Aptiv leadership).

  • Support Cybersecurity Training at Wind River.

 

Required Qualifications:

  • 5+ years of cybersecurity, compliance, or GRC experience

  • Familiarity with ISO 27001, NIST 800-171, and enterprise GRC operations

  • Strong writing skills, with experience contributing to SSPs and POA&Ms

  • Working knowledge of ZenGRC or similar tools

  • Demonstrated ability to work across matrixed teams

  • Experience with customer audit responses and regulatory compliance

  • U.S. citizenship required due to regulatory requirements

 

Preferred Qualifications:

  • Experience supporting government-mandated compliance frameworks

  • Involvement in ISO 27001 recertification efforts or similar standards

  • Experience with third-party risk tools (e.g., BlueVoyant, BitSight)

  • Familiarity with Wind River or embedded systems companies is a plus