Full-Time

Senior Cybersecurity Risk & Compliance Associate

Posted on 9/30/2025

Wind River

1,001-5,000 employees

Real-time OS and embedded software solutions

Compensation Overview

$100k - $140k/yr

+ Bonus

Boston, MA, USA + 3 more

More locations: Troy, MI, USA | Alameda, CA, USA | Cupertino, CA, USA

Hybrid

Relocation to Alameda, CA or Boston, MA may be required; on-site three days per week in office.

US Citizenship, US Top Secret Clearance Required

Category
IT & Security (1)
Requirements
  • 5+ years of cybersecurity, compliance, or GRC experience
  • Familiarity with ISO 27001, NIST 800-171, and enterprise GRC operations
  • Strong writing skills, with experience contributing to SSPs and POA&Ms
  • Working knowledge of ZenGRC or similar tools
  • Demonstrated ability to work across matrixed teams
  • Experience with customer audit responses and regulatory compliance
  • U.S. citizenship required due to regulatory requirements
  • Must be a local resident of (or willing to relocate to) Alameda, CA or Boston, MA and agree to be on site in the office three days per week.
Responsibilities
  • Regulatory & Standards Support: Contribute to all ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance.
  • Support NIST 800-171 compliance efforts, including maintenance of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments.
  • Have working knowledge of, and be able to support, GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI-related compliance, as well as the ability to gain knowledge of future certification and regulation requirements.
  • Assist in engagement with government compliance stakeholders and maintain awareness of requirements.
  • Risk & Compliance Operations: Governance, Risk and Compliance (GRC) and Third-Party Risk Management (TPRM):
  • Maintain the Wind River Risk Register and track mitigation progress across all functional areas.
  • Coordinate the Security Exception process, ensuring proper documentation, approvals, and governance.
  • Including vendor assessments, reviews, remediation follow-up, and monitoring.
  • Write and update policy and standards and provide governance, oversight, and assurance.
  • Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit-ready. Have an understanding or ability to use ServiceNow and AuditBoard risk management products.
  • Audit & Customer Response:
  • Prepare audit documentation and assist with responses for internal and external audits.
  • Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, and program updates.
  • Support customer assurance efforts related to ISO, NIST, and general cyber compliance.
  • Lead internal audits and assessments against Wind River.
  • Program Execution & Scalability:
  • Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management.
  • Assist in developing compliance procedures, checklists, and review frameworks.
  • Support workflows for User Access Reviews (UAR), TPRM, and continuous monitoring.
  • Collaboration:
  • Work cross-functionally with Aptiv Cybersecurity, IT, Legal, HR, and Engineering, across Aptiv, HellermannTyton, Winchester, and Intercable.
  • Support communication and coordination with external auditors and internal stakeholders (including Primary Security Officer, Aptiv Legal, WR and Aptiv leadership).
  • Support Cybersecurity Training at Wind River.
Desired Qualifications
  • Experience supporting government-mandated compliance frameworks
  • Involvement in ISO 27001 recertification efforts or similar standards
  • Experience with third-party risk tools (e.g., BlueVoyant, BitSight)
  • Familiarity with Wind River or embedded systems companies is a plus

Wind River provides embedded systems software platforms for mission-critical industries. Its products include VxWorks RTOS for deterministic real-time performance, Wind River Linux as a configurable Linux-based OS, plus development tools and compilers to build and optimize software, with security updates and services. It differentiates itself with an end-to-end embedded software stack and a long track record in aerospace/defense, emphasizing safety, security, and bounded performance. Its goal is to help customers design, deploy, and maintain reliable, secure embedded systems for critical applications.

Company Size

1,001-5,000

Company Stage

Acquired

Total Funding

$5.2B

Headquarters

Alameda, California

Founded

1981

Simplify Jobs

Simplify's Take

What believers are saying

  • Vodafone partnership deploys AI-RAN on Open RAN in 2026.
  • AMD collaboration unifies O-RAN and AI-RAN on EPYC CPUs.
  • Hyundai Rotem adopts Studio for software-defined rail CI/CD.

What critics are saying

  • Aptiv diverts resources to automotive, eroding aerospace VxWorks share.
  • Zephyr RTOS undercuts VxWorks licensing in IoT by 2027.
  • BlackBerry QNX captures Hyundai Mobis SDV deals via BMW partnerships.

What makes Wind River unique

  • VxWorks RTOS powers mission-critical systems since 1987.
  • Wind River Studio enables cloud-native development for edge-to-cloud.
  • Helix Virtualization Platform consolidates safety-certified workloads.

Benefits

Health Insurance

Dental Insurance

Life Insurance

Disability Insurance

401(k) Company Match

Hybrid Work Options

Flexible Work Hours

Mental Health Support

Professional Development Budget

Company News

DataCenterNews
Mar 16th, 2026
Wind River and Vodafone test AI-RAN automation to manage growing Open RAN complexity

Wind River and Vodafone introduced a collaboration to operationalize AI-RAN for Open RAN networks, showcased at MWC Barcelona 2026 earlier this month. AI-RAN cuts anomaly detection from hours to minutes, allowing autonomous network operation based on live network behavior. "Open RAN basically modifications how networks are constructed; AI-RAN modifications how they're operated," remarked Paul Miller, CTO, Wind River. "Operators are shifting from static infrastructure to dynamic, software-defined environments the place complexity grows quicker than human operators can handle. Our collaboration with Vodafone demonstrates how AI-RAN can flip operational information into steady intelligence, enabling networks that detect points earlier, adapt quicker, and transfer nearer to autonomous operation. Collectively, we're displaying how AI-RAN can change into the operational spine of next-generation telecom infrastructure." The solution is powered by Vodafone's O-Cloud platform combined with its 5G network, and Wind River Cloud Platform for real-time analytics and predictive resolution of issues. The partnership is geared to cut operational expenses, improve service reliability, and handle the growth of larger and distributed networks without comparable increases in human capital. AI-RAN replaces reactive troubleshooting with proactive and autonomous network management, optimizing telecom infrastructure performance. The joint solution demonstrates that AI-RAN is now a deployable capability, addressing the telecom industry's need for operational scalability. Late last year Vodafone expanded its Open RAN rollout in Europe with Wind River's cloud platform.

Business Wire
Mar 2nd, 2026
Wind River and AMD launch unified O-RAN and AI-RAN platform to cut infrastructure costs

Wind River, an Aptiv company, is collaborating with AMD to deliver what it claims is the industry's first commercially available platform unifying open radio access network functions and AI-powered RAN workloads on shared hardware. The solution combines AMD EPYC CPUs with Wind River Cloud Platform. The platform addresses operators' infrastructure challenges by enabling virtualized RAN functions and AI inference to run side by side, eliminating the need for separate systems that can double capital costs. It supports real-time AI capabilities including traffic prediction, anomaly detection and energy optimisation at the network edge. The jointly engineered solution features automated lifecycle management across thousands of distributed sites and allows operators to add AI capabilities without hardware replacement. Live demonstrations are available at MWC Barcelona 2026.

Business Wire
Feb 27th, 2026
Wind River and Vodafone demonstrate AI-RAN operations for Open RAN networks

Wind River and Vodafone are collaborating to operationalise AI-RAN for Open RAN networks, with the joint solution being showcased at MWC Barcelona from 2–5 March. The solution continuously ingests telemetry streams across RAN and cloud layers, using AI models to detect deviations, predict issues and guide remediation before customer experience is affected. Built on Vodafone's 5G network and Wind River Cloud Platform with Wind River Analytics, it processes over 70TB of network data weekly. The technology reduces anomaly detection time from hours to minutes and enables operators to manage larger Open RAN networks without proportional increases in operational costs. The collaboration demonstrates AI-RAN's shift from future concept to deployable operational capability for autonomous network management.

TelecomTV
Jan 21st, 2026
Intel's and Wind River's roles in Vodafone's European Open RAN rollout

In this interview from Fyuz 2025 in Dublin, Cristina Rodriguez of Intel and Nastasi Karaiskos of Wind River share their companies' roles in Vodafone's European Open RAN rollout. They discuss the significance of deploying open and virtualised network architectures, the impact of Intel's Xeon 6 system-on-chip (SoC) with built-in AI, and Wind River's focus on network optimisation and sustainability. Featuring: Cristina Rodriguez, VP Network & Edge Group, Intel Corporation; Nastasi Karaiskos, VP Global Sales, Telecom, Wind River. Recorded November 2025.

Telematics Wire
Nov 13th, 2025
Wind River & Hyundai Rotem partner to transform rail software development

Press release, 13 November 2025. Wind River, a leader in edge-software for mission-critical systems, has announced a significant collaboration with Hyundai Rotem aimed at modernising its rail-system development environment. Over decades of partnership (Hyundai Rotem has been a Wind River - VxWorks customer for around 30 years), the two firms are now moving toward a cloud-native, software-defined approach that promises faster development, improved automation and increased agility. Under the deal, Hyundai Rotem will adopt Wind River's Studio Developer platform and Cloud Platform infrastructure, enabling use of modern DevOps practices like continuous integration/continuous deployment (CI/CD) and cloud-native deployment. Meanwhile, Wind River's real-time operating system VxWorks will continue to power Hyundai Rotem's safety-certified signalling and train-control systems. This hybrid architecture supports both legacy safety workloads and newer, agile applications, which is critical in the transportation environment where reliability and security are non-negotiable. The move signals Hyundai Rotem's shift toward software-defined rail systems, a transformation expected to reduce time-to-market, cut costs and bolster innovation across its rail-vehicle and smart-logistics portfolios. At the same time, Wind River gains a strong reference in rail and smart-mobility, reinforcing its position in the intelligent-transportation ecosystem.

INACTIVE