City of Boston

Governance, Risk, and Compliance Analyst

Posted Date 1 month ago (10/29/2021 11:45 AM)
Req ID
Dpt of Innovation & Technology
Regular Full-Time
ASD-Mgmt Information Systems
Salary Min
Salary Max
Contact Email


Brief Job Description:


The City of Boston, Department of Innovation and Technology (DoIT), Cyber Security Team is actively growing and seeking to hire a Governance, Risk & Compliance Analyst. This role will further implement and enhance our current governance model(s). This person will serve as an expert for the governance and protection of IT security data and as the lead for other relevant IT policies. This role will report directly to the Chief Information Security Officer (CISO), and collaborate closely with the Director of Cyber Security, the CIO and other City departments, including legal and policy staff members.


  • Builds a strong governance structure that is participatory, collaborative, transparent, effective, and follows the rule of law.
  • Develops collaborations with outside partners, consults with legal experts and serves as the primary subject matter expert for the City’s IT security governance models/policies.
  • Identifies top Cyber Security and IT Governance objectives in an effort to create, enhance and modify the existing legacy governance structure for the City of Boston.
  • Reviews all current IT-related policies and researches best practices to help minimize redundancy and outdated frameworks.
  • Effectively ensures policies and agreed-upon strategies are implemented as intended and comply with the law.
  • Creates monitoring mechanisms to ensure policies are adhered to and/or edited to keep the course of governance stable and current. 
  • Drafts correspondence and memorandums on various subjects, e.g., Cyber Security guidance, strategic information technology plan updates, continuous monitoring strategy.
  • Coordinates necessary committees and meetings to include all necessary stakeholders who should be notified and/or involved with policy-making. 
  • Consistently updates and communicates the flow of information as changes and modifications may occur monthly and/or annually. 
  • Performs related work as required.

Minimum Entrance Qualifications:


  • Three (3) years of full-time, or equivalent part-time, experience in legal, governance, or business related fields. A Bachelor's degree in a related field may be substituted for two (2) years of the required experience. A Master's degree can be substituted for three (3) years of the required experience.
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Ability to interpret and apply laws, regulations, policies, ethical standards and guidance relevant to the organization's Cyber Security and/or IT-related objectives throughout the DoIT department and citywide.
  • Experience managing, developing, and implementing enterprise cyber security policies and governance activities.
  • Proven ability to work with other teams to create new processes and procedures to meet security and compliance requirements.
  • Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
  • Ability to communicate effectively orally and in writing.
  • Ability to exercise good judgement and focus on detail as required by the job.





Union/Salary Plan/Grade:   SENA/MM1-8

