Information Security GRC Analyst

Waters - Milford, MA


Job Description

We are seeking a GRC Analyst with CMMC experience to support CMMC 2.0 Level 2 readiness, certification, and ongoing compliance efforts. This role is ideal for a cybersecurity or compliance professional with hands-on exposure to CMMC or NIST SP 800-171, who is ready to deepen their expertise while working alongside senior assessors and advisors.

You will contribute to CMMC readiness and assessment activities for Government Contractors and commercial organizations, while gaining exposure to broader cybersecurity risk and compliance engagements such as cyber risk assessments, compliance program development, and Information Security support.

This role emphasizes execution, documentation quality, and learning, with increasing responsibility for Waters' broader GRC information security program over time.

CMMC & Compliance Execution

  • Support CMMC 2.0 Level 2 readiness and assessment activities under the guidance of Information Security and Business Leadership.
  • Assist with interpreting NIST SP 800-171 and CMMC requirements and mapping them to client or internal controls.
  • Help develop, update, and maintain:
    • System Security Plans (SSPs)
    • Plans of Action & Milestones (POA&Ms)
    • Policies, procedures, and evidence artifacts
  • Participate in gap assessments and risk reviews; help track remediation activities and evidence collection
  • Support mock assessments, internal audits, and formal C3PAO assessments by preparing documentation and responding to evidence requests
  • Assist with CUI scoping, boundary definitions, and DFARS 252.204-7012 documentation activities

Delivery & Cyber Advisory Support

  • Contribute to cybersecurity and risk engagements such as:
    • CMMC readiness and assessments
    • Cyber risk and controls assessments
    • Compliance program implementation
    • Information security program support
  • Prepare workpapers, evidence mappings, and draft assessment documentation in accordance with firm methodology
  • Translate technical and compliance requirements into clear, well-organized documentation.
  • Maintain a strong service mindset while operating in a complex business environment.

Governance Risk and Compliance Operations (GRC):

  • Participate in Waters' risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
  • Participate in reporting security risk to IT senior leadership and other key organizational stakeholders.
  • Maintain and improve the organization’s risk register and compliance documentation.
  • Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.

Audit & Customer Response

  • Prepare and support internal and external audits, including evidence collection and response coordination.
  • Support responding to security questionnaires and demonstrating IT compliance with security frameworks.
  • Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.

Learning, Collaboration & Practice Development

  • Work closely with senior analysts, managers, and assessors to learn assessment techniques and best practices
  • Participate in internal training on CMMC, NIST, ISO, SOC, and emerging cyber standards
  • Contribute to improving templates, checklists, and documentation standards
  • Share lessons learned and ask questions—this role is designed to grow technical and professional maturity

What Success Looks Like in This Role

  • High-quality SSPs, POA&Ms, and evidence artifacts that stand up to assessment scrutiny
  • Consistent progress toward CMMC Level 2 readiness and certification
  • Increasing independence in handling assigned controls, domains, and documentation tasks
  • Strong feedback from senior team members and clients on reliability, accuracy, and professionalism

Required Qualifications

  • Associate's degree or higher in Information Security, Information Systems, Cybersecurity, Computer Science, or a related field
  • 2-4 years of experience in one or more of the following:
    • Cybersecurity, GRC, or IT risk roles
    • Compliance or audit support
    • SSP development or security documentation
    • Internal controls or implementation of policy
  • Foundational knowledge of CMMC 2.0 and NIST SP 800-171
  • Experience supporting compliance documentation (SSPs, POA&Ms, policies, procedures, evidence)
  • Strong written communication skills with attention to detail
  • Ability to follow structured methodologies and accept feedback

Preferred Qualifications

  • CMMC Certified Professional (CCP) or progress toward CCA
  • Familiarity with frameworks such as NIST SP 800-53, NIST CSF 2.0, ISO 27001, SOC 2, or FedRAMP
  • Exposure to DoD contractors / DIB environments
  • Experience with GRC or evidence management tools (e.g., Vanta, ServiceNow GRC, Archer, OneTrust, ZenGRC)
  • Security certifications in progress or completed (e.g., Security+, CGRC, CISSP Associate)

Desired Attributes

  • Interest in growing as a CMMC and GRC specialist
  • Comfortable working in a structured, assessment-driven environment
  • Organized, dependable, and detail-oriented
  • Willingness to learn new standards and take on increasing responsibility
  • Professional, collaborative, and receptive to coaching

Waters Corporation (NYSE:WAT) is a global leader in life sciences and diagnostics, dedicated to accelerating the benefits of pioneering science through analytical technologies, informatics, and service. With a focus on regulated, high-volume testing environments, our innovative portfolio harnesses deep scientific expertise across chemistry, physics, and biology. We collaborate with customers around the world to advance the release of effective, high-quality medicines, ensure the safety of food and water, and drive better patient outcomes by detecting diseases earlier, managing routine infections, and combating antibiotic resistance. Through a shared culture of relentless innovation, our passionate team of ~16,000 colleagues turn scientific challenges into breakthroughs that improve lives worldwide.

Diversity and inclusion are fundamental to our core values at Waters Corporation. It benefits our employees, our products, our customers and our community. Waters complies with all applicable federal, state, and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status, or any other characteristic protected by law. Waters is proud to be an equal opportunity workplace and is an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time.

Keywords: GRC Analyst, CMMC, NIST 800-171, NIST CSF 2.0, Information Security Analyst, Cyber Risk

Created: 2026-03-07
