Full-Time
Cybersecurity Governance
Risk, Compliance
Posted on 9/30/2025
Wind River
1,001-5,000 employees
Real-time OS and embedded software solutions
Compensation Overview
$120k - $210.2k/yr
Boston, MA, USA
Hybrid
Must reside in Greater Boston area; on-site attendance required 3 days per week.
US Top Secret Clearance Required
 IT & Security (1) |
|---|
- 7–10+ years of cybersecurity risk, compliance, audit, or GRC program experience.
- Experience managing or contributing to ISO 27001, NIST 800-171, SOX, GDPR, or TISAX efforts.
- Proficiency with GRC platforms and internal controls execution.
- Strong writing and documentation skills.
- Must reside in Greater Boston area with ability to be present on site at least 3 days/weekly.
- United States Citizenship required
- Lead execution of GRC programs across Aptiv and Wind River, including control maintenance, risk register updates, and audit readiness.
- Maintain documentation, controls, and audit-ready evidence for ISO 27001, NIST 800-171, TISAX, SOX, NIS2, CMMC and GDPR across both Aptiv and Wind River, incorporating new regulatory or customer requirements as they arise.
- Administer GRC tooling (ZenGRC, AuditBoard, ServiceNow), ensuring accuracy, auditability, and workflow continuity.
- Manage internal risk exceptions, maturity roadmaps, and control owners’ engagement.
- Provide daily operational support to maintain compliance posture and support regulatory assessments.
- Own documentation and execution for business impact assessments (BIAs), continuity planning, and tabletop exercises.
- Coordinate resilience planning with cross-functional partners including IT, Facilities, Cyber Defense, and Legal.
- Maintain continuity playbooks, incident response records, and recovery planning materials.
- Provide execution support for Wind River’s third-party risk assessments, evidence collection, and remediation tracking.
- Execute and drive enforcement of cybersecurity right-to-audit clauses with vendors and partners.
- Review and provide redlines on cybersecurity and compliance sections of both buy-side and sell-side contracts.
- Collaborate with the Aptiv TPRM Manager to align vendor risk governance across both companies.
- Help coordinate Wind River’s cybersecurity awareness campaigns, mandatory training compliance, and role-based content support.
- Lead evidence preparation and walkthroughs for external audits, customer assessments, and internal audit reviews.
- Maintain and update System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and customer documentation requests.
- Coordinate audit response activities across control owners, internal SMEs, and external parties.
- Support cybersecurity onboarding and governance alignment for newly acquired companies.
- Assist with Transitional Services Agreements (TSA) by managing control design, evidence preparation, and GRC tooling integration.
- Track risks and compliance issues related to integration timelines, especially where inherited entities lack cybersecurity maturity.
- Support Director-led strategic initiatives through dependable execution and documentation follow-through.
- Work closely with Architecture, Legal, Product Security, and external vendors to manage dependencies and unblock progress.
- Escalate capacity or clarity issues early to avoid unnecessary risk acceptance or execution gaps.
- Experience working in a multi-entity environment or during M&A integration.
- Familiarity with SBOM, secure SDLC, vendor risk workflows, and cybersecurity awareness campaigns.
- CISA, CISSP, CISM, ISO Lead Auditor, or similar certification preferred.
- Strong stakeholder management and execution discipline across matrixed teams.
Wind River provides embedded systems software platforms for mission-critical industries. Its products include VxWorks RTOS for deterministic real-time performance, Wind River Linux as a configurable Linux-based OS, plus development tools and compilers to build and optimize software, with security updates and services. It differentiates itself with an end-to-end embedded software stack and a long track record in aerospace/defense, emphasizing safety, security, and bounded performance. Its goal is to help customers design, deploy, and maintain reliable, secure embedded systems for critical applications.
Company Size
1,001-5,000
Company Stage
Acquired
Total Funding
$5.2B
Headquarters
Alameda, California
Founded
1981
Simplify's Take
What believers are saying
- Vodafone partnership deploys AI-RAN on Open RAN in 2026.
- AMD collaboration unifies O-RAN and AI-RAN on EPYC CPUs.
- Hyundai Rotem adopts Studio for software-defined rail CI/CD.
What critics are saying
- Aptiv diverts resources to automotive, eroding aerospace VxWorks share.
- Zephyr RTOS undercuts VxWorks licensing in IoT by 2027.
- BlackBerry QNX captures Hyundai Mobis SDV deals via BMW partnerships.
What makes Wind River unique
- VxWorks RTOS powers mission-critical systems since 1987.
- Wind River Studio enables cloud-native development for edge-to-cloud.
- Helix Virtualization Platform consolidates safety-certified workloads.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Health Insurance
Dental Insurance
Life Insurance
Disability Insurance
401(k) Company Match
Hybrid Work Options
Flexible Work Hours
Mental Health Support
Professional Development Budget
Company News
Wind River and Vodafone test AI-RAN automation to manage growing Open RAN complexity. Last updated: March 16, 2026 10:32 am Published March 16, 2026 Wind River and Vodafone introduced a collaboration to operationalize AI-RAN for Open RAN Networks showcased at MWC Barcelona 2026 earlier this month. AI-RAN transforms the anomaly detection from hours lengthy to minutes, permitting for autonomous community operation based mostly on reside community conduct. "Open RAN basically modifications how networks are constructed; AI-RAN modifications how they're operated," remarked Paul Miller, CTO, Wind River. "Operators are shifting from static infrastructure to dynamic, software-defined environments the place complexity grows quicker than human operators can handle. Our collaboration with Vodafone demonstrates how AI-RAN can flip operational information into steady intelligence, enabling networks that detect points earlier, adapt quicker, and transfer nearer to autonomous operation. Collectively, we're displaying how AI-RAN can change into the operational spine of next-generation telecom infrastructure." The answer is powered by Vodafone's O-Cloud platform mixed with its 5G community, and Wind River Cloud Platform for real-time analytics and predictive decision of points. The partnership is geared to chop operational bills, improve service reliability, and deal with the expansion of bigger and distributed networks with out comparable will increase in human capital. AI-RAN replaces reactive troubleshooting with proactive and autonomous community administration, optimizing telecom infrastructure efficiency. The joint answer demonstrates that AI-RAN is now a deployable functionality, addressing the telecom business's want for operational scalability. Late final yr Vodafone expanded Open RAN rollout in Europe with Wind River's cloud platform. Associated. 5G networks | AI-RAN | community automation | Open RAN | telecom infrastructure | Vodafone | Wind River
Wind River, an Aptiv company, is collaborating with AMD to deliver what it claims is the industry's first commercially available platform unifying open radio access network functions and AI-powered RAN workloads on shared hardware. The solution combines AMD EPYC CPUs with Wind River Cloud Platform. The platform addresses operators' infrastructure challenges by enabling virtualized RAN functions and AI inference to run side by side, eliminating the need for separate systems that can double capital costs. It supports real-time AI capabilities including traffic prediction, anomaly detection and energy optimisation at the network edge. The jointly engineered solution features automated lifecycle management across thousands of distributed sites and allows operators to add AI capabilities without hardware replacement. Live demonstrations are available at MWC Barcelona 2026.
Wind River and Vodafone are collaborating to operationalise AI-RAN for Open RAN networks, with the joint solution being showcased at MWC Barcelona from 2–5 March. The solution continuously ingests telemetry streams across RAN and cloud layers, using AI models to detect deviations, predict issues and guide remediation before customer experience is affected. Built on Vodafone's 5G network and Wind River Cloud Platform with Wind River Analytics, it processes over 70TB of network data weekly. The technology reduces anomaly detection time from hours to minutes and enables operators to manage larger Open RAN networks without proportional increases in operational costs. The collaboration demonstrates AI-RAN's shift from future concept to deployable operational capability for autonomous network management.
Intel's and Wind River's roles in Vodafone's European Open RAN rollout. Jan 21, 2026 Embed Transcript Sponsored by Cristina Rodriguez, Intel Corporation & Nastasi Karaiskos, Wind River. In this interview from Fyuz 2025 in Dublin, Cristina Rodriguez of Intel and Nastasi Karaiskos of Wind River share their companies' roles in Vodafone's European Open RAN rollout. They discuss the significance of deploying open and virtualised network architectures, the impact of Intel's Xeon 6 system-on-chip (SoC) with built-in AI, and Wind River's focus on network optimisation and sustainability. Featuring: * Cristina Rodriguez, VP Network & Edge Group, Intel Corporation * Nastasi Karaiskos, VP Global Sales, Telecom, Wind River Recorded November 2025
Wind River & Hyundai Rotem partner to transform rail software development. Press Release, 13 November 2025 Wind River, a leader in edge-software for mission-critical systems, has announced a significant collaboration with Hyundai Rotem aimed at modernising its rail-system development environment. Over decades of partnership (Hyundai Rotem has been a Wind River - VxWorks customer for around 30 years), the two firms are now moving toward a cloud-native, software-defined approach that promises faster development, improved automation and increased agility. Under the deal, Hyundai Rotem will adopt Wind River's Studio Developer platform and Cloud Platform infrastructure, enabling use of modern DevOps practices like continuous integration/continuous deployment (CI/CD) and cloud-native deployment. Meanwhile, Wind River's real-time operating system VxWorks will continue to power Hyundai Rotem's safety-certified signalling and train-control systems. This hybrid architecture supports both legacy safety workloads and newer, agile applications - critical in the transportation environment where reliability and security are non-negotiable. The move signals Hyundai Rotem's shift toward software-defined rail systems - a transformation expected to reduce time-to-market, cut costs and bolster innovation across its rail-vehicle and smart-logistics portfolios. At the same time, Wind River gains a strong reference in rail and smart-mobility, reinforcing its position in the intelligent-transportation ecosystem.