Sr InfoSec Compliance & Risk Analyst

US-MA-Milford

Waters Corporation

Req #: 26458
Overview:

Waters is seeking a driven and experienced Sr. Information Security Compliance and Risk Analyst to lead and advance our enterprise-wide GRC program, ensuring our security posture remains resilient, audit-ready, and aligned with industry-leading frameworks such as ISO 27001, SOC 2, NIST CSF, and CMMC. In this high-impact role, you will own risk assessments, compliance initiatives, internal audits within the IT organization, and third-party vendor evaluations, while partnering with cross-functional stakeholders to embed a culture of risk-aware security accountability across the organization. You will serve as a trusted advisor to IT leadership, translating complex regulatory requirements and emerging threats into clear, actionable strategies that protect our business and our customers. If you bring 5+ years of cybersecurity and GRC expertise, a sharp analytical mindset, and a passion for building world-class security programs, we want to hear from you; certifications such as CISSP, CISM, or CRISC are a strong plus.

Responsibilities:

Information Security Governance & Risk Management:

* Lead and manage security compliance initiatives across the organization (e.g., ISO 27001, SOC 2, NIST CSF, CMMC, NIST AI RMF), including audit readiness, external certifications, and ongoing control maintenance.
* Aid in the ongoing development of Waters' GRC program by supporting and maturing Waters' Corporate IT compliance efforts.
* Assist our IT organization by determining appropriate security measures and by guiding the enterprise in implementing technical, operational, and administrative controls throughout Waters' IT ecosystem.
* Coordinate the maintenance and development of Waters' IT security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring change control and document availability.
* Contribute to the administration of Waters' Information Security Management System (ISMS).
* Collaborate with internal stakeholders to ensure security policies and procedures are understood and followed.
* Aid in monitoring regulatory changes and emerging risks; advise leadership on potential impacts and required actions.
* Develop and deliver security awareness and compliance training programs.

Audit & Customer Response:

* Prepare and support internal and external audits, including evidence collection and response coordination.
* Support responding to security questionnaires and demonstrating IT compliance with security frameworks.
* Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.

Governance, Risk, and Compliance (GRC) Operations:

* Participate in Waters' third-party risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
* Participate in measuring and reporting on security risk to IT senior leadership and other key organizational stakeholders.
* Maintain and improve the organization's risk register and compliance documentation.
* Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.
* Support third-party risk management by assessing vendor security practices and compliance.

Qualifications:

Required Minimum:

* 5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC).
* Bachelor's degree in Cybersecurity, Information Technology, Business, or a related field.
* Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, GDPR, NIS2, CMMC).
* Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization.
* Experience with GRC tools and platforms.
* Demonstrated success in communicating and promoting security initiatives.
* Self-starter with strong problem-solving skills and a proactive mindset.
* Working knowledge of information security and IT best practices.

Preferred:

* Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
* Project management skills.
* Understanding of information security risk quantification practices.