Job Description

Overview Axcelis Technologies is seeking an IT GRC (Governance, Risk, and Compliance) Analyst to lead and support our enterprise-wide cybersecurity, audit, and compliance initiatives. This role strengthens our IT controls environment and ensures compliance with regulatory frameworks such as NIST 2.0, CMMC, COBIT, ISO 27001, and SOX 404. The position serves as a key liaison between IT, Finance, and internal/external auditors. This role is based in Beverly, MA and will be onsite, or hybrid. Responsibilities Act as the primary IT liaison for internal and external audits. Coordinate requests and meetings for information (PBC lists). Ensure accurate and timely responses to auditor inquiries. Write, design, document, and maintain IT General Controls (ITGC) and IT Application Controls (ITAC) aligned with NIST, CMMC, COBIT, ISO 27001, and SOX 404. Lead, perform, facilitate, and coordinate control self-assessments and internal risk reviews. This is a management-driven review to ensure controls are effective and operational. Maintain and enhance the NIST Cybersecurity Framework and CMMC compliance posture. Guide Axcelis through its compliance journey toward NIST 2.0 and CMMC certification. Coordinate and support SOX testing with internal/external auditors, IT, and Finance teams. Provide IT audit and compliance support for operational, financial, and advisory engagements. Respond to customer security questionnaires and manage third-party risk assessments. Oversee vulnerability assessments, participate in penetration testing, and track remediation. Facilitate reporting and metrics for key areas of cybersecurity (vulnerability management, patch management, coverage, etc.). Act as a project manager for corrective action plans to drive resolution. Monitor and interpret changes in regulatory and compliance requirements. Develop and maintain security policies, standards, and procedures. Lead root-cause analysis and remediation planning for control deficiencies. Continuously improve audit methodologies, technologies, and best practices. Required Qualifications 7+ years of experience in IT GRC, cybersecurity compliance, or IT audit. Strong knowledge of NIST and CMMC. Strong knowledge of SOX 404, ITGC, ITAC, COBIT. Experience managing external audits and audit documentation. Familiarity with vulnerability management, risk assessments, and incident response. Excellent written and verbal communication skills. Strong project coordination and stakeholder engagement abilities. Preferred Qualifications Bachelor’s degree in information systems, cybersecurity, or related field. Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Auditor. Understanding of cloud security and data protection regulations. Experience with AI risk assessment is a plus. Equal Opportunity IT is the policy of Axcelis to provide equal opportunity in all areas of employment for all persons free from discrimination based on race, sex, religion, age, color, national origin, disability status, medical condition (including pregnancy), veteran status, sexual orientation, marital status, or any other characteristic protected by federal, state or local law. Axcelis will provide reasonable accommodation necessary to enable a disabled candidate or employee to perform the essential functions of the position, unless the accommodation would create an undue hardship for the Company. Seniority level Mid-Senior level Employment type Full-time Job function Information Technology Industries Semiconductor Manufacturing Data Analyst - Corporate Technology Data Engineering & Analytics Newton Centre, MA $75,000 - $82,000 6 hours ago We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr Axcelis Technologies

Job Tags

Similar Jobs