INFOSEC COMPLIANCE ANALYST III, IS&T Information Security

About the position Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community. You will join as an Information Security Compliance Analyst III where you will work with academic and administrative units, Principal Investigators (PIs), researchers, and clinicians to ensure that technology solutions deployed by the university are compliant with applicable legal, regulatory, and contractual obligations as well as University policies and standards. As part of the Information Security compliance team, you will report to the Information Security Compliance Manager. This position is hybrid remote/in-office, with an expectation that you can come to campus when needed. You Will: Build relationships and communicate compliance requirements with academic, research, and clinical stakeholders, including Principal Investigators and external sponsors. Be the Subject Matter Expert on compliance topics, participating in committees and project teams to inform decisions and best practices. Independently partner with technology staff to validate physical, technical, and administrative controls and ensure alignment with compliance requirements. Lead or coordinate risk and gap assessments to identify needs and areas of concern and guide the development of solutions. Help design and implement compliant solutions for IS&T-run services. Oversee compliance-related projects, managing resources and deliverables. Monitor and investigate current and emerging compliance topics to inform strategic direction. Responsibilities • Build relationships and communicate compliance requirements with academic, research, and clinical stakeholders, including Principal Investigators and external sponsors. • Be the Subject Matter Expert on compliance topics, participating in committees and project teams to inform decisions and best practices. • Independently partner with technology staff to validate physical, technical, and administrative controls and ensure alignment with compliance requirements. • Lead or coordinate risk and gap assessments to identify needs and areas of concern and guide the development of solutions. • Help design and implement compliant solutions for IS&T-run services. • Oversee compliance-related projects, managing resources and deliverables. • Monitor and investigate current and emerging compliance topics to inform strategic direction. Requirements • Knowledge of controls required by NIST 800-53, NIST 800-171, and CMMC. • Proficiency in completing NIST 800-53 and/or NIST 800-171 System Security Plans. • The ability to translate regulatory and technical compliance requirements into clear guidance for IT staff, management, and researchers. • A history of collaborating with technical teams, departments, and external partners to achieve compliance goals. • Skill in evaluating risks, identifying gaps, and recommending improvements. • A proven track record of mediating conflicts and coordinating deliverables to achieve compliance while meeting timelines. • Alternative qualifications that may substitute for formal education, such as military service, certifications, or substantial hands-on work in compliance and risk management. Nice-to-haves • Relevant professional certifications (e.g., CISSP, CCP, CISM, or equivalent), completion of bootcamps, or hands-on experience in compliance and security controls Benefits • Time Off: In addition to PTO and leave policy, BU employees have a paid intersession break and 13 paid holidays. • Retirement: University-funded retirement plan with full vesting after 2 years of eligible service. • Tuition Assistance Program: Competitive tuition assistance program for yourself and family members. • Check out and for more information! • Boston University IS&T invests in our staff and their personal and professional growth. We promote staff learning including lunch and learn sessions, an extensive library of online courses, Fun Advisory Board (FAB) arranges a number of events throughout the year and opportunities to engage with peers at NERCOMP and EDUCAUSE events. Apply tot his job