Sr InfoSec Compliance & Risk Analyst

This role will help lead enterprise-wide information security governance, risk, and compliance initiatives, which align to frameworks such as ISO 27001, SOC 2, NIST CSF, and CMMC. This role drives audit readiness, risk assessments, and third-party vendor reviews while maintaining security documentation and supporting the organization’s GRC program. The analyst collaborates with stakeholders to implement robust security controls, monitor regulatory changes, and deliver awareness training to strengthen the organization’s security posture.

Information Security Governance, Compliance, & Risk Management:

• Lead and manage security compliance initiatives across the organization (e.g., ISO 27001, SOC 2, NIST CSF, CMMC, NIST AI RMF, etc.), including audit readiness, external certifications, and ongoing control maintenance.
• Aid in the ongoing development of Waters GRC program by supporting and advancing Waters IT compliance efforts.
• Assist our IT organization by determining appropriate security measures in guiding the enterprise in implementing technical, operational and administrative controls throughout Waters IT ecosystem.
• Coordinate the maintenance and development of Waters IT security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring change control and document availability.
• Contribute to the administration of Waters Information Security Management System.
• Collaborate with internal stakeholders to ensure security policies and procedures are understood and followed.
• Aid in monitoring regulatory changes and emerging risks; advise leadership on potential impacts and required actions.
• Develop and deliver security awareness and compliance training programs.

Audit & Customer Response

• Prepare and support internal and external audits, including evidence collection and response coordination.
• Respond to security questionnaires and demonstrate IT compliance with security frameworks.
• Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.

 Risk Assessment and Quantification:

• Participate in Waters’ third-party risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
• Participate in reporting on Security risk to IT senior leadership and other key organizational stakeholders.
• Maintain and improve the organization’s risk register and treatment plans.
• Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.

Required Minimum:

• 5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC).
• Bachelor’s degree in Cybersecurity, Information Technology, Business, or a related field.
• Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, GDPR, NIS2, CMMC).
• Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization.
• Experience with GRC tools and platforms.
• Demonstrated success in communicating and promoting security initiatives.
• Self-starter with strong problem-solving skills and a proactive mindset.
• Possess a working knowledge of information security and IT best practices.

Preferred:

• Professional certifications such as CISSP, CISM, CRISC, CGRC, FAIR or similar are highly desirable.
• Project management skills.
• Understand Information Security risk quantification practices.

Waters Corporation (NYSE:WAT) is a global leader in analytical instruments, separations technologies, and software, serving the life, materials, food, and environmental sciences for over 65 years. Our Company helps ensure the efficacy of medicines, the safety of food and the purity of water, and the quality and sustainability of products used every day. In over 100 countries, our 7,600+ passionate employees collaborate with customers in laboratories, manufacturing sites, and hospitals to accelerate the benefits of pioneering science. 

 

 

 

Diversity and inclusion are fundamental to our core values at Waters Corporation. It benefits our employees, our products, our customers and our community. Waters complies with all applicable federal, state, and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status, or any other characteristic protected by law. Waters is proud to be an equal opportunity workplace and is an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time.

NIST CSF, GRC, Info Sec, Information Security, Cyber Risk Quantification, ISO 27001, NIST AI RMF, NIST 800-37, Vanta, CGRC, FAIR, ISMS, Compliance, Audit, Information Security Controls