Infosec Compliance Analyst III, IS&T Information Security

Overview

Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Compliance Analyst III where you will work with academic and administrative units, Principal Investigators (PIs), researchers, and clinicians to ensure that technology solutions deployed by the university are compliant with applicable legal, regulatory, and contractual obligations as well as University policies and standards.

As part of the Information Security compliance team, you will report to the Information Security Compliance Manager. This position is hybrid remote/in-office, with an expectation that you can come to campus when needed.

• Build relationships and communicate compliance requirements with academic, research, and clinical stakeholders, including Principal Investigators and external sponsors.
• Be the Subject Matter Expert on compliance topics, participating in committees and project teams to inform decisions and best practices.
• Independently partner with technology staff to validate physical, technical, and administrative controls and ensure alignment with compliance requirements.
• Lead or coordinate risk and gap assessments to identify needs and areas of concern and guide the development of solutions.
• Help design and implement compliant solutions for IS&T-run services.
• Oversee compliance-related projects, managing resources and deliverables.
• Monitor and investigate current and emerging compliance topics to inform strategic direction.

• Knowledge of controls required by NIST 800-53, NIST 800-171, and CMMC.
• Proficiency in completing NIST 800-53 and/or NIST 800-171 System Security Plans.
• The ability to translate regulatory and technical compliance requirements into clear guidance for IT staff, management, and researchers.
• A history of collaborating with technical teams, departments, and external partners to achieve compliance goals.
• Skill in evaluating risks, identifying gaps, and recommending improvements.
• A proven track record of mediating conflicts and coordinating deliverables to achieve compliance while meeting timelines.
• Alternative qualifications that may substitute for formal education, such as military service, certifications, or substantial hands-on work in compliance and risk management.

• Relevant professional certifications (e.g., CISSP, CCP, CISM, or equivalent), completion of bootcamps, or hands-on experience in compliance and security controls.

Boston University offers an excellent benefits package including time off (PTO and leave policy, paid intersession break, and 13 paid holidays). Retirement:
University-funded retirement plan with full vesting after 2 years of eligible service. Tuition Assistance Program:
Competitive tuition assistance program for yourself and family members. For more information, check BU wellness and part-time employee perks pages. We promote staff learning including lunch and learn sessions, an extensive library of online courses, and engagement opportunities with peers at events and forums.

If you require a reasonable accommodation in order to complete the employment application process, please contact the Equal Opportunity Office.