Information Security GRC Analyst
| Req. # | 25636 |
| --- | --- |
| Job Family | BT - Business Technology |
| Location | US-MA-Milford |
| Pay Range Minimum | USD $79,000.00 |
| Pay Range Maximum | USD $131,500.00 |
Overview
We are seeking a GRC Analyst with CMMC experience to support CMMC 2.0 Level 2 readiness, certification, and ongoing compliance efforts. This role is ideal for a cybersecurity or compliance professional with hands-on exposure to CMMC or NIST SP 800-171 who is ready to deepen their expertise while working alongside senior assessors and advisors. You will contribute to CMMC readiness and assessment activities for government contractors and commercial organizations, while gaining exposure to broader cybersecurity risk and compliance engagements such as cyber risk assessments, compliance program development, and information security support. This role emphasizes execution, documentation quality, and learning, with increasing responsibility for Waters' broader GRC information security program over time.
Responsibilities
CMMC & Compliance Execution
- Support CMMC 2.0 Level 2 readiness and assessment activities under the guidance of Information Security and Business Leadership.
- Assist with interpreting NIST SP 800-171 and CMMC requirements and mapping them to client or internal controls.
- Help develop, update, and maintain:
  - System Security Plans (SSPs)
  - Plans of Action & Milestones (POA&Ms)
  - Policies, procedures, and evidence artifacts
- Participate in gap assessments and risk reviews; help track remediation activities and evidence collection.
- Support mock assessments, internal audits, and formal C3PAO assessments by preparing documentation and responding to evidence requests.
- Assist with CUI scoping, boundary definitions, and DFARS 252.204-7012 documentation activities.
Delivery & Cyber Advisory Support
- Contribute to cybersecurity and risk engagements such as:
  - CMMC readiness and assessments
  - Cyber risk and controls assessments
  - Compliance program implementation
  - Information security program support
- Prepare workpapers, evidence mappings, and draft assessment documentation in accordance with firm methodology
- Translate technical and compliance requirements into clear, well-organized documentation.
- Maintain a strong service mindset while operating in a complex business environment.
Governance Risk and Compliance Operations (GRC):
- Participate in Waters' risk management program, including vendor assessments, reviews, remediation follow-up, and monitoring.
- Participate in reporting security risk to IT senior leadership and other key organizational stakeholders.
- Maintain and improve the organization's risk register and compliance documentation.
- Conduct risk assessments and control gap analyses; develop mitigation strategies and track remediation efforts.
Audit & Customer Response
- Prepare and support internal and external audits, including evidence collection and response coordination.
- Support responding to security questionnaires and demonstrating IT compliance with security frameworks.
- Draft and maintain clear, consistent, and audit-ready documentation, including policies, control responses, program updates and reports.
Learning, Collaboration & Practice Development
- Work closely with senior analysts, managers, and assessors to learn assessment techniques and best practices
- Participate in internal training on CMMC, NIST, ISO, SOC, and emerging cyber standards
- Contribute to improving templates, checklists, and documentation standards
- Share lessons learned and ask questions; this role is designed to grow technical and professional maturity.
What Success Looks Like in This Role
- High-quality SSPs, POA&Ms, and evidence artifacts that stand up to assessment scrutiny
- Consistent progress toward CMMC Level 2 readiness and certification
- Increasing independence in handling assigned controls, domains, and documentation tasks
- Strong feedback from senior team members and clients on reliability, accuracy, and professionalism
Qualifications
Required Qualifications
- Associate's degree or higher in Information Security, Information Systems, Cybersecurity, Computer Science, or a related field
- 2-4 years of experience in one or more of the following:
  - Cybersecurity, GRC, or IT risk roles
  - Compliance or audit support
  - SSP development or security documentation
  - Internal controls or implementation of policy
- Foundational knowledge of CMMC 2.0 and NIST SP 800-171
- Experience supporting compliance documentation (SSPs, POA&Ms, policies, procedures, evidence)
- Strong written communication skills with attention to detail
- Ability to follow structured methodologies and accept feedback
Preferred Qualifications
- CMMC Certified Professional (CCP) or progress toward CCA
- Familiarity with frameworks such as NIST SP 800-53, NIST CSF 2.0, ISO 27001, SOC 2, or FedRAMP
- Exposure to DoD contractors / DIB environments
- Experience with GRC or evidence management tools (e.g., Vanta, ServiceNow GRC, Archer, OneTrust, ZenGRC)
- Security certifications in progress or completed (e.g., Security+, CGRC, CISSP Associate)
Desired Attributes
- Interest in growing as a CMMC and GRC specialist
- Comfortable working in a structured, assessment-driven environment
- Organized, dependable, and detail-oriented
- Willingness to learn new standards and take on increasing responsibility
- Professional, collaborative, and receptive to coaching
Company Description
Waters Corporation (NYSE:WAT) is a global leader in life sciences and diagnostics, dedicated to accelerating the benefits of pioneering science through analytical technologies, informatics, and service. With a focus on regulated, high-volume testing environments, our innovative portfolio harnesses deep scientific expertise across chemistry, physics, and biology. We collaborate with customers around the world to advance the release of effective, high-quality medicines, ensure the safety of food and water, and drive better patient outcomes by detecting diseases earlier, managing routine infections, and combating antibiotic resistance. Through a shared culture of relentless innovation, our passionate team of ~16,000 colleagues turns scientific challenges into breakthroughs that improve lives worldwide.
Diversity and inclusion are fundamental to our core values at Waters Corporation. It benefits our employees, our products, our customers and our community. Waters complies with all applicable federal, state, and local laws. Qualified applicants are considered without regard to sex, race, color, ancestry, national origin, citizenship status, religion, age, marital status (including civil unions), military service, veteran status, pregnancy (including childbirth and related medical conditions), genetic information, sexual orientation, gender identity, legally recognized disability, domestic violence victim status, or any other characteristic protected by law. Waters is proud to be an equal opportunity workplace and is an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs at the time.
Key Words
GRC Analyst
CMMC
NIST 800-171
NIST CSF 2.0
Information Security Analyst
Cyber Risk