Sr. Analyst, Cybersecurity Risk & Compliance

Aversan Inc. (www.aversan.com ) is a trusted multi-service engineering and electronics manufacturing company. Aversan delivers leading-edge and reliable safety-critical electronics and software systems to the aerospace, defense, and space industries.

We are seeking a Senior Analyst, Cybersecurity Risk & Compliance. to support and help lead the Risk & Compliance function, with a primary focus on maintaining our ISO 27001 certification and supporting our obligations on NIST 800-171. The right candidate will support Risk and Compliance program, which includes Governance Risk and Compliance (GRC), and Third-Party Risk Management (TPRM), bring structure to our processes, and help stabilize and scale the function

Key Responsibilities:

• Contribute to all ISO 27001 activities, including internal audit readiness, external recertification, and ongoing control maintenance.
• Support NIST 800-171 compliance efforts, including maintenance of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and gap assessments.
• Have working knowledge and able support GDPR, NIST CSF, CMMC, TISAX, ITAR, and AI related compliance as well as the ability to gain knowledge on future certification and regulation requirements.
• Assist in engagement with government compliance stakeholders and maintain awareness of requirements.

• Maintain the Risk Register and track mitigation progress across all functional areas.
• Coordinate the Security Exception process, ensuring proper documentation, approvals, and governance.
• Including vendor assessments, reviews, remediation follow-up, and monitoring.
• Write and update policy and standards and provide governance, oversight, and assurance.
• Administer GRC/TPRM tooling (ZenGRC) and ensure evidence management and workflows are maintained and audit-ready. Have an understanding or ability to use ServiceNow and AuditBoard risk management products.

• Prepare audit documentation and assist with responses for internal and external audits.
• Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, and program updates.
• Support customer assurance efforts related to ISO, NIST, and general cyber compliance.
• Lead internal audits and assessments

• Help implement scalable, repeatable governance processes for policy and standard creation and lifecycle management.
• Assist in developing compliance procedures, checklists, and review frameworks.
• Support workflows for User Access Reviews (UAR), TPRM, and continuous monitoring.

• Work cross-functionally with Aptiv Cybersecurity, IT, Legal, HR, and Engineering, across Aptiv, HellermannTyton, Winchester, and Intercable.
• Support communication and coordination with external auditors and internal stakeholders (including Primary Security Officer, Aptiv Legal, WR and Aptiv leadership).
• Support Cybersecurity Training

Basic Qualifications:

• 5+ years of cybersecurity, compliance, or GRC experience
• Familiarity with ISO 27001, NIST 800-171, and enterprise GRC operations
• Strong writing skills, with experience contributing to SSPs and POA&Ms
• Working knowledge of ZenGRC or similar tools
• Demonstrated ability to work across matrixed teams
• Experience with customer audit responses and regulatory compliance

• Experience supporting government-mandated compliance frameworks
• Involvement in ISO 27001 recertification efforts or similar standards
• Experience with third-party risk tools (e.g., BlueVoyant, BitSight)
• U.S. citizenship required due to regulatory requirements