Sr InfoSec Compliance & Risk Analyst

Waters is seeking a driven and experienced Sr. Information Security Compliance and Risk Analyst to lead and advance our enterprise-wide GRC program, ensuring our security posture remains resilient, audit-ready, and aligned with industry-leading frameworks such as ISO 27001, SOC 2, NIST CSF, and CMMC. In this high-impact role, you will own risk assessments, compliance initiatives, conduct interal audits within the IT organization, and third-party vendor evaluations while partnering with cross-functional stakeholders to embed a culture of risk aware security accountability across the organization. You will serve as a trusted advisor to IT leadership, translating complex regulatory requirements and emerging threats into clear, actionable strategies that protect our business and our customers. If you bring 5+ years of cybersecurity and GRC expertise, a sharp analytical mindset, and a passion for building world-class security programs, we want to hear from you - certifications like CISSP, CISM, or CRISC are a strong plus.

Information Security Governance & Risk Management:

Lead and manage security compliance initiatives across the organization (e.g., ISO 27001, SOC 2, NIST CSF, CMMC, NIST AI RMF, etc.), including audit readiness, external certifications, and ongoing control maintenance.
• Aid in the ongoing development of Waters GRC program by supporting and maturing Waters Corporate IT compliance efforts.
• Assist our IT organization by determining appropriate security measures and by guiding the enterprise in implementing technical, operational and administrative controls throughout Waters IT ecosystem.
• Coordinate in maintaining and developing Waters IT security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring change control and document availability.
• Contribute to the administration of Waters Information Security Management System.
• Collaborate with internal stakeholders to ensure security policies and procedures are understood and followed.
• Aid in monitoring regulatory changes and emerging risks; advise leadership on potential impacts and required actions.
• Develop and deliver security awareness and compliance training programs.

Audit & Customer Response

• Prepare and support internal and external audits, including evidence collection and response coordination.
• Support responding to security questionnaires and demonstrating IT compliance with security frameworks.
• Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.

Governance Risk and Compliance Operations (GRC):

• Participate in Waters third party risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
• Participate in measuring and reporting on Security risk to IT senior leadership and other key organizational stakeholders.
• Maintain and improve the organization's risk register and compliance documentation.
• Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.
• Support third-party risk management by assessing vendor security practices and compliance.
  
  

Required Minimum:

• 5 years of experience in cybersecurity, with a strong emphasis on governance, risk, and compliance (GRC).
• Bachelor's degree in Cybersecurity, Information Technology, Business, or a related field.
• Strong knowledge of regulatory frameworks and standards (e.g., NIST, ISO, GDPR, NIS2, CMMC).
• Excellent interpersonal skills and the ability to engage with diverse teams across all levels of the organization.
• Experience with GRC tools and platforms.
• Demonstrated success in communicating and promoting security initiatives.
• Self-starter with strong problem-solving skills and a proactive mindset.
• Have a working knowledge of information security and IT best practices.

Preferred:

• Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
• Project management skills.
• Understanding Information Security risk quantification practices.

Waters Corporation (NYSE:WAT) is a global leader in analytical instruments, separations technologies, and software, serving the life, materials, food, and environmental sciences for over 65 years. Our Company helps ensure the efficacy of medicines, the safety of food and the purity of water, and the quality and sustainability of products used every day. In over 100 countries, our 7,600+ passionate employees collaborate with customers in laboratories, manufacturing sites, and hospitals to accelerate the benefits of pioneering science.

Diversity and inclusion are fundamental to our core values at Waters Corporation. It benefits our employees, our products, our customers and our community. Waters complies with all applicable federal, state, and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status, or any other characteristic protected by law. Waters is proud to be an equal opportunity workplace and is an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time.