IT GRC Analyst

Remote, USA Full-time
About the position

Axcelis Technologies is seeking an IT GRC (Governance, Risk, and Compliance) Analyst to lead and support our enterprise-wide cybersecurity, audit, and compliance initiatives. This role is pivotal in strengthening our IT controls environment, ensuring compliance with regulatory frameworks such as NIST 2.0, CMMC, COBIT, ISO 27001, and SOX 404, and serving as a key liaison between IT, Finance, and internal/external auditors. This role is based in Beverly, MA and will be onsite or hybrid. The ideal candidate is a proactive, detail-oriented professional with strong communication skills, a passion for cybersecurity, and a proven ability to manage complex compliance programs and risk assessments.

Responsibilities

• Act as the primary IT liaison for internal and external audits.
• Coordinate requests and meetings for information (PBC lists).
• Ensure accurate and timely responses to auditor inquiries.
• Write, design, document, and maintain IT General Controls (ITGC) and IT Application Controls (ITAC) aligned with NIST, CMMC, COBIT, ISO 27001, and SOX 404.
• Lead, perform, facilitate, and coordinate control self-assessments and internal risk reviews.
• Maintain and enhance the NIST Cybersecurity Framework and CMMC compliance posture.
• Guide Axcelis through its compliance journey toward NIST 2.0 and CMMC certification.
• Coordinate and support SOX testing with internal/external auditors, IT, and Finance teams.
• Provide IT audit and compliance support for operational, financial, and advisory engagements.
• Respond to customer security questionnaires and manage third-party risk assessments.
• Oversee vulnerability assessments, participate in penetration testing, and track remediation.
• Facilitate reporting and metrics for key areas of cybersecurity (vulnerability management, patch management, coverage, etc.).
• Act as a project manager for corrective action plans to drive resolution.
• Monitor and interpret changes in regulatory and compliance requirements.
• Develop and maintain security policies, standards, and procedures.
• Lead root-cause analysis and remediation planning for control deficiencies.
• Continuously improve audit methodologies, technologies, and best practices.

Requirements

• 7+ years of experience in IT GRC, cybersecurity compliance, or IT audit.
• Strong knowledge of NIST and CMMC.
• Strong knowledge of SOX 404, ITGC, ITAC, and COBIT.
• Experience managing external audits and audit documentation.
• Familiarity with vulnerability management, risk assessments, and incident response.
• Excellent written and verbal communication skills.
• Strong project coordination and stakeholder engagement abilities.

Nice-to-haves

• Bachelor's degree in information systems, cybersecurity, or related field.
• Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Auditor.
• Understanding of cloud security and data protection regulations.
• Experience with AI risk assessment is a plus.