IT Compliance Specialist

@ NewMarket Corporation

About Us

NewMarket Corporation, headquartered in Richmond, Virginia, is the parent company of Afton Chemical Corporation (Afton), Ethyl Corporation (Ethyl), and American Pacific Corporation (AMPAC). The Afton and Ethyl companies develop, manufacture, blend, and deliver chemical additives that enhance the performance of petroleum products. AMPAC is a manufacturer of specialty materials primarily used in solid rocket motors for the aerospace and defense industries.

Job Summary

The IT Compliance Specialist supports the organization’s information security and compliance programs by ensuring adherence to corporate policies, industry standards, and regulatory requirements. The role focuses on security compliance management, third-party risk evaluation, and cybersecurity awareness through administering phishing simulations, facilitating training initiatives, coordinating vendor security assessments, and contributing to continuous improvement of the cybersecurity governance framework.

Key Responsibilities

• Security Compliance and Governance: Develop, implement, and maintain IT security policies aligned to TISAX, NIST CSF, ISO 27001, and SOC 2. Conduct periodic audits, prepare evidence, and monitor regulatory changes.
• Third-Party and Vendor Risk Management: Manage security risk assessments for vendors, evaluate SOC 2 and ISO certifications, and maintain a centralized vendor inventory.
• Cybersecurity Awareness and Phishing Simulation: Design and track simulation campaigns, analyze metrics, and deliver security education content.
• Audit Support and Risk Reporting: Coordinate internal/external audits, support risk assessments, and document audit findings and remediation efforts.
• Continuous Improvement and Collaboration: Collaborate with IT, Security, Legal and Procurement teams to improve compliance processes and vendor governance.

Education & Experience

Minimum: Experience in information security, compliance, or IT audit, a Bachelor’s degree in IT, Cybersecurity, or related field, and familiarity with third-party risk management and compliance frameworks.

Preferred: Industry certifications such as CISA, CRISC, CISM, or Security+, and experience with third-party risk platforms and security awareness solutions.

Additional Requirements

Due to ITAR-controlled items, applicants must be a U.S. person as defined by ITAR requirements.

Skills/Abilities

• IT and cybersecurity compliance expertise
• Third-party risk management
• Proficiency with phishing simulation tools
• Strong analytical and documentation skills
• Excellent cross-functional collaboration

Working at NewMarket

NewMarket is a diverse global family focused on innovative R&D programs that drive global growth. Competitive compensation and benefits reinforce a culture built on respect, integrity, and safety.

Key skills/competency

IT compliance, cybersecurity, vendor risk, audit, phishing simulation, training, regulatory, governance, ITAR, documentation