JOB DESCRIPTION
Axcelis Technologies is seeking an IT GRC (Governance, Risk, and Compliance) Analyst to lead and support our enterprise-wide cybersecurity, audit, and compliance initiatives. This role is pivotal in strengthening our IT controls environment, ensuring compliance with regulatory frameworks such as NIST 2.0, CMMC, COBIT, ISO 27001, SOX 404 and serving as a key liaison between IT, Finance, and internal/external auditors. This role is based in Beverly, MA and will be onsite, or hybrid.
The ideal candidate is a proactive, detail-oriented professional with strong communication skills, a passion for cybersecurity, and a proven ability to manage complex compliance programs and risk assessments.
Key Responsibilities
Act as the primary IT liaison for internal and external audits.
Coordinate requests and meetings for information (PBC lists).
Ensuring accurate and timely responses to auditor inquiries.
Write, design, document, and maintain IT General Controls (ITGC) and IT Application Controls (ITAC) aligned with NIST, CMMC, COBIT, ISO 27001, and SOX 404.
Lead, perform, facilitate, and coordinate control self-assessments and internal risk reviews. This is not an independent audit, but a management-driven review to ensure controls effectiveness and are operational.
Maintain and enhance the NIST Cybersecurity Framework and CMMC compliance posture.
Guide Axcelis through its compliance journey toward NIST 2.0 and CMMC certification.
Coordinate and support SOX testing with internal/external auditors, IT, and Finance teams.
Provide IT audit and compliance support for operational, financial, and advisory engagements.
Respond to customer security questionnaires and manage third-party risk assessments.
Oversee vulnerability assessments, participate in penetration testing, and track remediation.
Facilitate reporting and metrics for key areas of cybersecurity (vulnerability management, patch management, coverage, etc…)
Act as a project manager for corrective action plans to drive resolution.
Monitor and interpret changes in regulatory and compliance requirements.
Develop and maintain security policies, standards, and procedures.
Lead root-cause analysis and remediation planning for control deficiencies.
Continuously improve audit methodologies, technologies, and best practices.
Qualifications
Required:
7+ years of experience in IT GRC, cybersecurity compliance, or IT audit.
Strong knowledge of NIST and CMMC.
Strong knowledge SOX 404, ITGC, ITAC, COBIT.
Experience managing external audits and audit documentation.
Familiarity with vulnerability management, risk assessments, and incident response.
Excellent written and verbal communication skills.
Strong project coordination and stakeholder engagement abilities.
Preferred:
Bachelor’s degree in information systems, cybersecurity, or related field.
Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Auditor.
Understanding of cloud security and data protection regulations.
Experience with AI risk assessment is a plus.
EQUAL OPPORTUNITY STATEMENT
It is the policy of Axcelis to provide equal opportunity in all areas of employment for all persons free from discrimination based on race, sex, religion, age, color, national origin, disability status, medical condition (including pregnancy), veteran status, sexual orientation, marital status, or any other characteristic protected by federal, state or local law. Axcelis will provide reasonable accommodation necessary to enable a disabled candidate or employee to perform the essential functions of the position, unless the accommodation would create an undue hardship for the Company.
U.S. BASE SALARY RANGE
$106,804.00 - $160,206.00This base salary range reflects the typical compensation for this role across U.S. locations.
Our salary ranges are determined by role and level; individual pay is determined based on
multiple factors, including job-related skills, experience, relevant education or training, work
location, and internal equity. The range provides the opportunity for growth and progression as
you develop within the role.
Base pay is one part of our U.S. total compensation package which includes eligibility in the
Axcelis Team Incentive bonus plan, and comprehensive benefits package (for regular
employees working 20+ hours a week).
Top Skills
What We Do
Axcelis Technologies, Inc. is a world-leading provider of equipment and services to the semiconductor manufacturing industry. For over forty five years, chipmakers from around the globe have relied on Axcelis' tools and process expertise to form the transistors that power all electronics - from smartphones and laptops, cameras, personal music players and more.
Our equipment portfolio comprises a powerful suite of manufacturing technologies for ion implantation, one of the most critical steps in the IC manufacturing process. In addition, we provide extensive aftermarket service and support, including spare parts, equipment upgrades, maintenance services, and customer training. Our customers include all of the 20 largest semiconductor manufacturers in the world. More than 3000 of our products are in use worldwide.
At our Advanced Technology Center in Beverly, Mass., we collaborate with customers and other industry experts to develop next-generation applications and process capabilities. We support our customers with a worldwide network of 38 field offices in 10 countries.
In all that we do, our strategy is singular: align every Axcelis innovation and success with our customers' goals. We strive to understand the entirety of their challenges and stand ready to deliver the technology, service and support they need to succeed.
