Sr InfoSec Compliance & Risk Analyst
Not Disclosed•Full-TimeHybrid
location_on58;60, Emmons Street, Milford, Worcester County, Massachusetts, 01757, United States
About Waters Corporation
Waters Corporation (NYSE: WAT) is a global leader in analytical instruments, separations technologies, and software, serving the life, materials, food, and environmental sciences for over 65 years. Our mission is to ensure the efficacy of medicines, the safety of food, the purity of water, and the quality and sustainability of products used every day. With over 7,600 passionate employees across more than 100 countries, we collaborate with customers in laboratories, manufacturing sites, and hospitals to accelerate the benefits of pioneering science.
About the Role
We are seeking a driven and experienced Sr. Information Security Compliance and Risk Analyst to lead and advance our enterprise-wide GRC program. In this high-impact role, you will ensure our security posture remains resilient, audit-ready, and aligned with industry-leading frameworks such as ISO 27001, SOC 2, NIST CSF, and CMMC.
You will serve as a trusted advisor to IT leadership, translating complex regulatory requirements and emerging threats into clear, actionable strategies that protect our business and our customers. Your day-to-day will involve owning risk assessments, driving compliance initiatives, conducting internal audits within the IT organization, and evaluating third-party vendors. Beyond technical execution, you will partner with cross-functional stakeholders to embed a culture of risk-aware security accountability across the entire organization, ensuring that security policies are understood and followed at every level.
Our Culture and Values
Diversity and inclusion are fundamental to our core values at Waters Corporation. We believe that a diverse workforce benefits our employees, our products, our customers, and our community. Waters is proud to be an equal opportunity workplace and an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time. We comply with all applicable federal, state, and local laws and consider qualified applicants without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status, military service, veteran status, pregnancy, genetic information, sexual orientation, gender identity, disability, domestic violence victim status, or any other characteristic protected by law.
Work location
Work model: Hybrid
58;60, Emmons Street, Milford, Worcester County, Massachusetts, 01757, United States
Similar Job Opportunities
Skills, education and keywords
Skills: Iso 27001, Soc 2, Nist CSF, CMMC, Nist Ai RMF, Cissp, Cism, Crisc, Nist, Iso.
Education: Bachelor's degree in Cybersecurity, Information Technology, Business, or related field required.
Frequently asked questions about Sr InfoSec Compliance & Risk Analyst at Waters Corporation
What does a Sr InfoSec Compliance & Risk Analyst at Waters Corporation do?expand_more
In this Sr InfoSec Compliance & Risk Analyst at Waters Corporation role, you will lead enterprise-wide grc program and security compliance initiatives across iso 27001, soc 2, nist, and cmmc frameworks; conduct internal it audits, risk assessments, and control gap analyses to drive remediation efforts; manage third-party risk management program including vendor assessments, reviews, and compliance monitoring; and develop and maintain it security documentation including policies, standards, procedures, and control responses.
What are the requirements for this Sr InfoSec Compliance & Risk Analyst role?expand_more
To qualify for the Sr InfoSec Compliance & Risk Analyst at Waters Corporation position, applicants should have: 5 years of experience in cybersecurity with GRC emphasis; Bachelor's degree in Cybersecurity, Information Technology, Business, or related field; Strong knowledge of regulatory frameworks (NIST, ISO, GDPR, NIS2, CMMC); Experience with GRC tools and platforms; Working knowledge of information security and IT best practices; and CISSP, CISM, CRISC, or similar certifications preferred.