Sr InfoSec Compliance & Risk Analyst

About The Position

Requirements

• 5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC).
• Bachelor’s degree in Cybersecurity, Information Technology, Business, or a related field.
• Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, GDPR, NIS2, CMMC).
• Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization.
• Experience with GRC tools and platforms.
• Demonstrated success in communicating and promoting security initiatives.
• Self-starter with strong problem-solving skills and a proactive mindset.
• Possess a working knowledge of information security and IT best practices.

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, CGRC, FAIR or similar are highly desirable.
• Project management skills.
• Understand Information Security risk quantification practices.

Responsibilities

• Lead and manage security compliance initiatives across the organization (e.g., ISO 27001, SOC 2, NIST CSF, CMMC, NIST AI RMF, etc.), including audit readiness, external certifications, and ongoing control maintenance.
• Aid in the ongoing development of Waters GRC program by supporting and advancing Waters IT compliance efforts.
• Assist our IT organization by determining appropriate security measures in guiding the enterprise in implementing technical, operational and administrative controls throughout Waters IT ecosystem.
• Coordinate the maintenance and development of Waters IT security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring change control and document availability.
• Contribute to the administration of Waters Information Security Management System.
• Collaborate with internal stakeholders to ensure security policies and procedures are understood and followed.
• Aid in monitoring regulatory changes and emerging risks; advise leadership on potential impacts and required actions.
• Develop and deliver security awareness and compliance training programs.
• Prepare and support internal and external audits, including evidence collection and response coordination.
• Respond to security questionnaires and demonstrate IT compliance with security frameworks.
• Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.
• Participate in Waters’ third-party risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
• Participate in reporting on Security risk to IT senior leadership and other key organizational stakeholders.
• Maintain and improve the organization’s risk register and treatment plans.
• Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.