Job Description

IT GRC Analyst, Axcelis Technologies Location: Beverly, MA. Role is on-site or hybrid. Axcelis Technologies is seeking an IT GRC (Governance, Risk, and Compliance) Analyst to lead and support our enterprise-wide cybersecurity, audit, and compliance initiatives. This role is pivotal in strengthening our IT controls environment, ensuring compliance with regulatory frameworks such as NIST 2.0, CMMC, COBIT, ISO 27001, SOX 404, and serving as a key liaison between IT, Finance, and internal/external auditors. Key Responsibilities Act as the primary IT liaison for internal and external audits. Coordinate requests and meetings for information (PBC lists). Ensure accurate and timely responses to auditor inquiries. Write, design, document, and maintain IT General Controls (ITGC) and IT Application Controls (ITAC) aligned with NIST, CMMC, COBIT, ISO 27001, and SOX 404. Lead, perform, facilitate, and coordinate control self‑assessments and internal risk reviews to ensure controls effectiveness and operation. Maintain and enhance the NIST Cybersecurity Framework and CMMC compliance posture. Guide Axcelis through its compliance journey toward NIST 2.0 and CMMC certification. Coordinate and support SOX testing with internal/external auditors, IT, and Finance teams. Provide IT audit and compliance support for operational, financial, and advisory engagements. Respond to customer security questionnaires and manage third‑party risk assessments. Oversee vulnerability assessments, participate in penetration testing, and track remediation. Facilitate reporting and metrics for key areas of cybersecurity (vulnerability management, patch management, coverage, etc.). Act as a project manager for corrective action plans to drive resolution. Monitor and interpret changes in regulatory and compliance requirements. Develop and maintain security policies, standards, and procedures. Lead root‑cause analysis and remediation planning for control deficiencies. Continuously improve audit methodologies, technologies, and best practices. Qualifications 7+ years of experience in IT GRC, cybersecurity compliance, or IT audit. Strong knowledge of NIST and CMMC. Strong knowledge of SOX 404, ITGC, ITAC, COBIT. Experience managing external audits and audit documentation. Familiarity with vulnerability management, risk assessments, and incident response. Excellent written and verbal communication skills. Strong project coordination and stakeholder engagement abilities. Preferred Bachelor’s degree in information systems, cybersecurity, or related field. Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Auditor. Understanding of cloud security and data protection regulations. Experience with AI risk assessment is a plus.

EQUAL OPPORTUNITY STATEMENT

It is the policy of Axcelis to provide equal opportunity in all areas of employment for all persons free from discrimination based on race, sex, religion, age, color, national origin, disability status, medical condition (including pregnancy), veteran status, sexual orientation, marital status, or any other characteristic protected by federal, state or local law. Axcelis will provide reasonable accommodation necessary to enable a disabled candidate or employee to perform the essential functions of the position, unless the accommodation would create an undue hardship for the Company.

U.S. BASE SALARY RANGE

$106,804.00 - $160,206.00 Base salary range reflects the typical compensation for this role across U.S. locations. Base pay is part of a total compensation package that includes eligibility in the Axcelis Team Incentive bonus plan and comprehensive benefits for regular employees working 20+ hours a week. #J-18808-Ljbffr Axcelis Technologies

Job Tags

Local area,

Similar Jobs