Infosec Compliance Analyst III, IS&T Information Security

INFOSEC COMPLIANCE ANALYST III, IS&T Information Security

Boston, MA, United States

Salary Range: $ – $. The salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, training and internal pay comparison. The above hiring range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.

Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Compliance Analyst III where you will work with academic and administrative units, Principal Investigators (PIs), researchers, and clinicians to ensure that technology solutions deployed by the university are compliant with applicable legal, regulatory, and contractual obligations as well as University policies and standards.

As part of the Information Security compliance team, you will report to the Information Security Compliance Manager. This position is hybrid remote/in‑office, with an expectation that you can come to campus when needed.

• Build relationships and communicate compliance requirements with academic, research, and clinical stakeholders, including Principal Investigators and external sponsors.
• Be the Subject Matter Expert on compliance topics, participating in committees and project teams to inform decisions and best practices.
• Independently partner with technology staff to validate physical, technical, and administrative controls and ensure alignment with compliance requirements.
• Lead or coordinate risk and gap assessments to identify needs and areas of concern and guide the development of solutions.
• Help design and implement compliant solutions for IS&T‑run services.
• Oversee compliance‑related projects, managing resources and deliverables.
• Monitor and investigate current and emerging compliance topics to inform strategic direction.

• Knowledge of controls required by NIST 800‑53, NIST 800‑171, and CMMC.
• Proficiency in completing NIST 800‑53 and/or NIST 800‑171 System Security Plans.
• The ability to translate regulatory and technical compliance requirements into clear guidance for IT staff, management, and researchers.
• A history of collaborating with technical teams, departments, and external partners to achieve compliance goals.
• Skill in evaluating risks, identifying gaps, and recommending improvements.
• A proven track record of mediating conflicts and coordinating deliverables to achieve compliance while meeting timelines.
• Alternative qualifications that may substitute for formal education, such as military service, certifications, or substantial hands‑on work in compliance and risk management.

• Relevant professional certifications (e.g., CISSP, CCP, CISM, or equivalent).
• Completion of bootcamps or hands‑on experience in compliance and security controls.

• Time Off:
  In addition to PTO and leave policy, BU employees have a paid intersession break and 13 paid holidays.
• Retirement:
  University‑funded retirement plan with full vesting after 2 years of eligible service.
• Tuition Assistance Program:
  Competitive tuition assistance program for yourself and family members.
• Professional development:
  Lunch and learn sessions, extensive library of online courses, and opportunities to engage with peers at NERCOMP and EDUCAUSE events.

If you require a reasonable accommodation in order to complete the employment application process, please contact the Equal Opportunity Office at . We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, and citizenship.