Security Compliance Manager

Security Compliance Manager

Locations: Boston, MA | NY, NY |Almeda, CA

Aptiv is a global technology company that develops safe, green, and connected solutions that enable the future of mobility. The company has over 180,000 total employees and operates 12 major technical centers and 126 manufacturing locations in 44 countries. Geographically diversified, with revenues in North America representing roughly 35% of total revenues, Europe representing 34%, Asia Pacific 30%, and South America representing 1% of total revenues. As a technology company, approximately 18,200 of our 24,000 salaried employees are engineers. Our salaried workforce has the following breakdown regionally: 25% in North America, 46% in Europe, and 27% in Asia Pacific.

Your Role

The Security Compliance Manager at Aptiv will excel in a dynamic and ever-changing environment, demonstrating adaptability, flexibility, and proactive initiative. This role focuses on continuously monitoring and improving an established security compliance program, ensuring it meets U.S. federal, global, and industry specific security requirements and standards. The manager will collaborate closely with the Primary Security Officer and cross-functional teams.

The Security Compliance Manager will play a vital role in aligning security objectives with broader business goals, effectively communicating progress and potential challenges to stakeholders at various levels. Responsibilities include ensuring compliance with relevant regulations and standards, conducting risk assessments, monitoring controls, developing and implementing security policies and procedures, and overseeing security audits and assessments. The ideal candidate will bring experience in managing a range of security compliance tasks and embrace the exciting challenge of contributing to Aptiv's innovative projects within the automotive and technology sectors. Effective interaction with team members at all levels while upholding a high standard of professionalism is a key aspect of this role.

Your day to day will consist of the following:

• Collaborate closely with the Primary Security Officer to implement and operationalize people, process, and technology policy changes required for compliance with applicable regulations and standards.

• Assist in the continuous improvement of the Security Plan and associated plans, ensuring understanding and implementation of outlined procedures by working with cross-functional stakeholder groups.

• Support the Primary Security Officer in writing the Audit Plan, identifying compliance records from the Security Plan and other plans, and maintaining necessary compliance documentation.

• Ensure the Security Plan components are monitored, including (but not limited to) the Software Assurance Plan for Covered Products, Vendor Review Plan for Covered Products, Software Bill of Materials (SBOM) report, vulnerability testing process enhancements, software development process threat-mitigation techniques and supply chain vendor contract review process.

• Assist in executing a change management program to raise awareness among cross-functional stakeholders about policy changes and their impact.

• Support the implementation of a training program to prepare personnel for compliance with the requirements outlined in the Security Plan.

• Collaborate with the Primary Security Officer to address security-related issues or concerns and provide recommendations for improvement.

• Stay updated on relevant security regulations, industry best practices, and emerging threats to ensure ongoing compliance and security effectiveness.

• Assist in conducting security assessments, audits, and risk assessments as required.

• Collaborate with Primary Security Officer to connect internal teams and external partners and ensure effective implementation of security measures aligned with organizational goals.

• Support incident response and investigation efforts, working closely with the Primary Security Officer and other stakeholders.

• Maintain documentation and records related to security policies, procedures, and compliance activities.

• Assist in development/implementation of security awareness and training programs.

• Stay informed about the latest security technologies and solutions, making recommendations for their adoption when appropriate.

• Collaborate with IT and other departments to ensure security controls are integrated into systems and processes.

• Assist in development/maintenance of security incident response plans/procedure.

• Participate in security-related meetings, committees, and working groups as required.

• Support the Primary Security Officer in deploying, managing and coordinating cross-functional compliance training program.

• Provide regular updates and reports to the Primary Security Officer on security-related activities, compliance status, and any identified risks or issues.

Your Background

Key ingredients for succeeding in this role are your:

• Proven experience (5+ years) in an information security GRC role or a related area such as information security conformity assessments and auditing.

• U.S. Citizen

• Currently reside in/or willingness to relocate to Almeda, CA, NY, NY or Boston, MA for daily in-office work schedule

• Domain expertise in FISMA, FedRAMP, NIST SP 800-53, NIST SP 800-171, and working knowledge of the DoD Cybersecurity Maturity Model Certification (CMMC) with SSP, SAP, and PO&AM development experience.

• High level of judgment and discretion related to sensitive and confidential information and experience handling attorney-client privileged information.

• Strong interpersonal and communication skills (both verbal and written).

• Self-starter; demonstrates resourcefulness with proven ability to anticipate needs and manage multiple tasks.

• Flexible "can do" attitude; able to adapt and reprioritize to shifting or competing priorities.

• Strong organizational skills and attention to detail.

• Motivated by working in a fast-paced, dynamic environment.

• Stays current on and easily adopts new technology.

• Ability to work under pressure and meet deadlines.

• Ability to work independently and as part of a team.

Preferred Qualifications

• Understanding of the software development lifecycle (SDLC)

• Familiar with supply chain and vendor management

• Familiar with vulnerability testing

• Experience designing and implementing broad stakeholder change management

• Previous experience at a global organization, working with a dispersed team

• Good understanding of corporate governance and related policies and procedures

• Proficiency in Microsoft Office Suite, Microsoft Power BI, and SharePoint

• Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA)

Why join us?

• You can grow at Aptiv. Aptiv provides an inclusive work environment where all individuals can grow and develop, regardless of gender, ethnicity or beliefs.

• You can have an impact. Safety is a core Aptiv value; we want a safer world for us and our children, one with: Zero fatalities, Zero injuries, Zero accidents.

• You have support. We ensure you have the resources and support you need to take care of your family and your physical and mental health with a competitive health insurance package.

Your Benefits at Aptiv:

• Private health care effective day 1 of employment

• Life and accident insurance

• Paid Time Off (Holidays, Vacation, Designated time off, Parental leave)

• Relocation assistance may be available

• Learning and development opportunities

• Discount programs with various manufacturers and retailers

• Recognition for innovation and excellence

• Opportunities to give back to the community

• Tuition Reimbursement

• Adoption Assistance

• Fertility Coverage

Apply today, and together let's change tomorrow!

Pay transparency

• Salary range of $135k - $190k

Privacy Notice

• Active Candidates: https://www.aptiv.com/privacy-notice-active-candidates

Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.