GRC Analyst
Thorlabs
Newton, New Jersey
Job Details
Full-time
Full Job Description
Thorlabs is pleased to play a role in advancing science through the components, instruments, and systems we design and manufacture. We believe that science and innovation have great potential to improve the world around us and are committed to advancing photonics (i.e., light-based) technologies that positively impact our customers, employees, and communities. Via educational outreach and more sustainable business practices, we continuously invest in a brighter future. We recognize that each of our employees is a unique individual with the ability to contribute to our success and seek to find great people who will thrive in our fun, fast-paced culture.
The GRC Analyst supports the organization’s Governance, Risk, and Compliance (GRC) initiatives by assisting in policy development, risk assessments, compliance audits, and reporting. This role provides a path to grow into more senior positions in information security and compliance, such as Senior GRC Analyst or Information Security Manager, by gaining hands-on experience with frameworks, tools, and processes critical to the organization’s security posture.
Although the position is located in Newton, NJ, from time to time the employee may be required to undertake duties at other Thorlabs locations.
Essential Job Functions include the following, but are not limited to:
Governance and Policy Support
- Assist in the development, review, and maintenance of information security policies, standards, and procedures.
- Support alignment with regulatory frameworks such as PCI-DSS, CMMC 2.0, and ISO27001.
- Collaborate with teams to promote awareness of governance and compliance requirements.
Risk Assessment and Management
- Conduct risk assessments to identify, document, and report on information security risks.
- Monitor and track risk mitigation efforts and recommend improvements.
- Assist in generating Key Risk Indicator (KRI) reports and metrics.
Compliance Monitoring and Auditing
- Support compliance efforts with frameworks like PCI-DSS, CMMC, and ISO27001.
- Assist in preparing evidence and documentation for internal and external audits.
- Help coordinate responses to auditor inquiries and follow-up actions.
Reporting and Documentation
- Prepare and maintain dashboards and reports on GRC activities, including audit results and compliance metrics.
- Document findings and recommendations from audits, risk assessments, and compliance reviews.
The Company retains the right to change or assign other duties to this position.
Physical Activities:
This is largely a sedentary role; however, it may require the ability to lift, bend or stand as necessary. The employee may occasionally lift or move objects up to 25 pounds.
Requirements
Experience:
- 4+ years of professional experience, including 2+ years in information security with a focus on GRC.
- Exposure to regulatory frameworks (e.g., PCI-DSS, CMMC, ISO27001, NIST) is preferred.
- Experience with GRC tools (e.g., RSA Archer, ServiceNow GRC) or a strong willingness to learn.
Education:
- Bachelor’s degree in Information Security, Computer Science, IT, Business Administration, or a related field (or equivalent experience).
Specialized Knowledge and Skills:
- Foundational understanding of risk management concepts and security frameworks.
- Strong organizational skills with the ability to manage multiple priorities.
- Excellent written and verbal communication skills, including report writing.
- Strong analytical and problem-solving skills to assess risks, understand controls, and suggest mitigations.
- Security engineering or software development experience is highly advantageous; experience with data visualization tools is a plus.
- Hands-on experience with vulnerability management tools (e.g., Qualys, Nessus, Rapid7) and attack surface management solutions is a big plus.
Other:
- Compliance with International Traffic in Arms Regulations (ITAR).
Thorlabs values its diverse environment and is proud to be an Equal Employment Opportunity/Affirmative Action Employer. All qualified individuals will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.
Benefits
Thorlabs offers a complete benefits package that includes medical, dental and vision insurance, company-paid life insurance, a generous PTO package, a 401(k) plan, and tuition reimbursement, just to name a few.