Sr InfoSec Compliance & Risk Analyst
About the role
Waters is seeking a driven and experienced Sr. Information Security Compliance and Risk Analyst to lead and advance our enterprise-wide GRC program, ensuring our security posture remains resilient, audit-ready, and aligned with industry-leading frameworks such as ISO 27001, SOC 2, NIST CSF, and CMMC. In this high-impact role, you will own risk assessments, compliance initiatives, internal audits within the IT organization, and third-party vendor evaluations, while partnering with cross-functional stakeholders to embed a culture of risk-aware security accountability across the organization. You will serve as a trusted advisor to IT leadership, translating complex regulatory requirements and emerging threats into clear, actionable strategies that protect our business and our customers. If you bring 5+ years of cybersecurity and GRC expertise, a sharp analytical mindset, and a passion for building world-class security programs, we want to hear from you; certifications such as CISSP, CISM, or CRISC are a strong plus.
Responsibilities
- Information Security Governance & Risk Management:
- Lead and manage security compliance initiatives across the organization (e.g., ISO 27001, SOC 2, NIST CSF, CMMC, NIST AI RMF), including audit readiness, external certifications, and ongoing control maintenance.
- Aid in the ongoing development of Waters GRC program by supporting and maturing Waters Corporate IT compliance efforts.
- Assist our IT organization by determining appropriate security measures and by guiding the enterprise in implementing technical, operational and administrative controls throughout Waters IT ecosystem.
- Help maintain and develop Waters IT security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring change control and document availability.
- Contribute to the administration of Waters Information Security Management System.
- Collaborate with internal stakeholders to ensure security policies and procedures are understood and followed.
- Aid in monitoring regulatory changes and emerging risks; advise leadership on potential impacts and required actions.
- Develop and deliver security awareness and compliance training programs.
- Audit & Customer Response:
- Prepare and support internal and external audits, including evidence collection and response coordination.
- Support responding to security questionnaires and demonstrating IT compliance with security frameworks.
- Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.
- Governance, Risk and Compliance (GRC) Operations:
- Participate in Waters third-party risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
- Participate in measuring and reporting on security risk to IT senior leadership and other key organizational stakeholders.
- Maintain and improve the organization's risk register and compliance documentation.
- Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.
- Support third-party risk management by assessing vendor security practices and compliance.
Requirements
- Required Minimum:
- 5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC).
- Bachelor's degree in Cybersecurity, Information Technology, Business, or a related field.
- Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, GDPR, NIS2, CMMC).
- Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization.
- Experience with GRC tools and platforms.
- Demonstrated success in communicating and promoting security initiatives.
- Self-starter with strong problem-solving skills and a proactive mindset.
- Working knowledge of information security and IT best practices.
- Preferred:
- Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
- Project management skills.
- Understanding of information security risk quantification practices.