Infosec Compliance Analyst III, IS&T Information Security
Listed on 2026-02-17
IT/Tech
Cybersecurity, Information Security, Data Security
Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Compliance Analyst III where you will work with academic and administrative units, Principal Investigators (PIs), researchers, and clinicians to ensure that technology solutions deployed by the university are compliant with applicable legal, regulatory, and contractual obligations as well as University policies and standards.
As part of the Information Security compliance team, you will report to the Information Security Compliance Manager. This position is hybrid remote/in-office, with an expectation that you can come to campus when needed.
Location: Boston, MA, United States
Position Type: Full-Time/Regular
Salary: $ - $ (Grade 51)
Responsibilities
- Build relationships and communicate compliance requirements with academic, research, and clinical stakeholders, including Principal Investigators and external sponsors.
- Be the Subject Matter Expert on compliance topics, participating in committees and project teams to inform decisions and best practices.
- Independently partner with technology staff to validate physical, technical, and administrative controls and ensure alignment with compliance requirements.
- Lead or coordinate risk and gap assessments to identify needs and areas of concern and guide the development of solutions.
- Help design and implement compliant solutions for IS&T‑run services.
- Oversee compliance‑related projects, managing resources and deliverables.
- Monitor and investigate current and emerging compliance topics to inform strategic direction.
- Knowledge of controls required by NIST 800‑53, NIST 800‑171, and CMMC.
- Proficiency in completing NIST 800‑53 and/or NIST 800‑171 System Security Plans.
- The ability to translate regulatory and technical compliance requirements into clear guidance for IT staff, management, and researchers.
- A history of collaborating with technical teams, departments, and external partners to achieve compliance goals.
- Skill in evaluating risks, identifying gaps, and recommending improvements.
- A proven track record of mediating conflicts and coordinating deliverables to achieve compliance while meeting timelines.
- Alternative qualifications that may substitute for formal education, such as military service, certifications, or substantial hands‑on work in compliance and risk management.
- Relevant professional certifications (e.g., CISSP, CCP, CISM, or equivalent), completion of bootcamps, or hands‑on experience in compliance and security controls.
Boston University offers an excellent benefits package including Time Off (paid intersession break, 13 paid holidays, PTO and leave policy), Retirement (University‑funded plan with full vesting after 2 years), Tuition Assistance Program, wellness resources, professional development opportunities such as lunch & learn sessions, online courses, and events at NERCOMP and EDUCAUSE.
Equal Employment Opportunity: If you require a reasonable accommodation to complete the application process, please contact the Equal Opportunity Office at 617‑353‑6474. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, mar…