IT GRC Analyst
Description:
Axcelis Technologies is seeking an IT GRC (Governance, Risk, and Compliance) Analyst to lead and support our enterprise-wide cybersecurity, audit, and compliance initiatives. This role is pivotal in strengthening our IT controls environment, ensuring compliance with regulatory frameworks such as NIST 2.0, CMMC, COBIT, ISO 27001, SOX 404 and serving as a key liaison between IT, Finance, and internal/external auditors. This role is based in Beverly, MA and can be onsite, hybrid, or remote.
The ideal candidate is a proactive, detail-oriented professional with strong communication skills, a passion for cybersecurity, and a proven ability to manage complex compliance programs and risk assessments.
Key Responsibilities
Act as the primary IT liaison for internal and external audits.
Coordinate requests and meetings for information (PBC lists).
Ensuring accurate and timely responses to auditor inquiries.
Write, design, document, and maintain IT General Controls (ITGC) and IT Application Controls (ITAC) aligned with NIST, CMMC, COBIT, ISO 27001, and SOX 404.
Lead, perform, facilitate, and coordinate control self-assessments and internal risk reviews. This is not an independent audit, but a management-driven review to ensure controls effectiveness and are operational.
Maintain and enhance the NIST Cybersecurity Framework and CMMC compliance posture.
Guide Axcelis through its compliance journey toward NIST 2.0 and CMMC certification.
Coordinate and support SOX testing with internal/external auditors, IT, and Finance teams.
Provide IT audit and compliance support for operational, financial, and advisory engagements.
Respond to customer security questionnaires and manage third-party risk assessments.
Oversee vulnerability assessments, participate in penetration testing, and track remediation.
Facilitate reporting and metrics for key areas of cybersecurity (vulnerability management, patch management, coverage, etc…)
Act as a project manager for corrective action plans to drive resolution.
Monitor and interpret changes in regulatory and compliance requirements.
Develop and maintain security policies, standards, and procedures.
Lead root-cause analysis and remediation planning for control deficiencies.
Continuously improve audit methodologies, technologies, and best practices.
Qualifications
Required:
7+ years of experience in IT GRC, cybersecurity compliance, or IT audit.
Strong knowledge of NIST and CMMC.
Strong knowledge SOX 404, ITGC, ITAC, COBIT.
Experience managing external audits and audit documentation.
Familiarity with vulnerability management, risk assessments, and incident response.
Excellent written and verbal communication skills.
Strong project coordination and stakeholder engagement abilities.
Preferred:
Bachelor’s degree in information systems, cybersecurity, or related field.
Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Auditor.
Understanding of cloud security and data protection regulations.
Experience with AI risk assessment is a plus.
EQUAL OPPORTUNITY STATEMENT
It is the policy of Axcelis to provide equal opportunity in all areas of employment for all persons free from discrimination based on race, sex, religion, age, color, national origin, disability status, medical condition (including pregnancy), veteran status, sexual orientation, marital status, or any other characteristic protected by federal, state or local law. Axcelis will provide reasonable accommodation necessary to enable a disabled candidate or employee to perform the essential functions of the position, unless the accommodation would create an undue hardship for the Company.
11207