$ 140200 - 217200
1 Vacancy
If you're passionate about building a better future for individuals, communities, and our country, and you're committed to working hard to play your part in building that future, consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
Job Description
The IT Security Auditor Staff serves as an experienced security professional and trusted advisor to internal business units and IT departments. This role requires strong internal audit expertise, excellent client relationship skills, and the ability to mentor junior team members while independently managing complex audit engagements. The position reports to the Senior Lead Auditor and plays a key role in executing the annual audit plan.
Audit Planning & Execution
Audit Planning Contribution: Actively participate in annual audit planning, providing risk insights and recommendations for audit scope and priorities
Engagement Scoping: Improve detailed audit programs and testing procedures for assigned audits, determining appropriate scope and resource needs
Multi-Engagement Management: Simultaneously manage 2-3 audit engagements while mentoring junior staff assigned to projects
Methodology Enhancement: Recommend improvements to audit procedures and contribute to methodology development
Internal Client Advisory
Department-Level Advisory: Serve as a trusted security advisor to department heads, IT managers, and business unit leaders
Risk Consultation: Help internal clients understand security risks and develop practical mitigation strategies
Relationship Management: Build strong collaborative relationships with audit clients to facilitate open communication and effective remediation
Control Design Support: Advise on control design and implementation to prevent issues before they occur
Technical Assessment & Testing
Advanced Testing: Conduct sophisticated technical assessments, including configuration reviews, penetration test validation, and control effectiveness testing
Root Cause Analysis: Identify underlying causes of control failures and systemic issues across the organization
Cross-Functional Reviews: Lead audits spanning multiple departments and technology platforms
Emerging Technology: Assess security controls in cloud environments, DevOps pipelines, and modern application architectures
Data Analytics: Use data analysis tools to identify anomalies and test large populations of transactions
Communication & Reporting
Management Presentations: Present audit findings and recommendations to the director and VP-level management with confidence and clarity
Risk Communication: Translate technical vulnerabilities into business risks that resonate with non-technical stakeholders
Report Writing: Produce clear, concise audit reports that drive action and provide practical recommendations
Issue Negotiation: Navigate disagreements on findings and ratings through collaborative discussion and evidence-based arguments
Status Reporting: Provide regular updates to the Senior Lead Auditor on engagement progress and emerging risks
Compliance & Risk Management
Framework Application: Apply multiple regulatory frameworks (NIST, GLBA, FERPA, ISO 27001, SOC 2) to audit engagements
Risk Assessment: Conduct risk assessments for assigned business areas and contribute to enterprise risk discussions
Control Mapping: Map controls across multiple compliance requirements to identify gaps and redundancies
Regulatory Updates: Stay current with changing regulations affecting assigned audit areas
Process Improvement
Audit Efficiency: Identify opportunities to streamline audit processes through automation or improved procedures
Tool Implementation: Evaluate and implement new audit tools and technologies
Best Practice Research: Research industry best practices and incorporate them into the audit approach
Continuous Monitoring: Contribute to the development of continuous monitoring capabilities
Education & Experience
Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field
7 years of professional experience in IT security with at least 4 years focused on internal security auditing
Demonstrated experience serving as lead auditor on complex engagements
Proven track record of building strong client relationships and influencing positive security changes
Core Competencies
Internal Audit Expertise: Deep understanding of internal audit standards, methodologies, and best practices
Client Management: Excellent interpersonal skills with the ability to build trust and manage challenging conversations
Technical Proficiency: Strong technical knowledge across infrastructure, applications, and cloud environments
Risk Assessment: Ability to identify, evaluate, and prioritize risks based on business impact
Project Management: Skills to manage multiple engagements and meet deadlines consistently
Technical Requirements
Audit Tools: Proficiency with audit management software, data analytics tools, and automated testing solutions
Security Technologies: Working knowledge of security controls, including IAM, encryption, logging, and monitoring
Compliance Frameworks: Understanding of major frameworks (NIST CSF, ISO 27001, COBIT, SOC 2)
Cloud Platforms: Familiarity with AWS or Azure security controls and assessment techniques
Certifications
Professional Certifications: CISA, CISM, CISSP, or CIA
Cloud Certifications: AWS Security, Azure Security, or equivalent
Specialized Certifications: CRISC, CGEIT, or relevant industry certifications
Advanced Experience
Consulting Background: Experience in Big 4 or internal audit consulting
Industry Knowledge: Experience in higher education or financial services
Specialized Audits: Background in application security reviews, cloud audits, or data privacy assessments
15 years of Information Security experience, including an understanding of all security domains
Annual Planning Support
Participate in annual risk assessment workshops
Provide input on audit universe and risk rankings
Recommend audit scope and timing based on client knowledge
Assist in resource planning and scheduling
Contribute to audit plan presentation materials
Client Relationship Management
Maintain regular touchpoints with key client contacts
Proactively identify emerging risks in assigned areas
Facilitate audit planning meetings with clients
Manage remediation follow-up activities
Build network of contacts across the organization
Quality Assurance
Ensure compliance with internal audit standards
Maintain comprehensive audit documentation
Participate in peer reviews
Contribute to quality improvement initiatives
Support external quality assessments
Higher Education Specific Requirements
Understanding of FERPA and GLBA compliance requirements
Familiarity with student information systems
Knowledge of research compliance and data security
Experience with Federal Tax Information (FTI) requirements
Understanding of Controlled Unclassified Information (CUI) handling
Awareness of unique higher education IT environment challenges
Work Environment
Location: Salt Lake City, Utah (in office 4 days per week)
Work Schedule: Standard business hours with flexibility for project deadlines
Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth, and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness, and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.
How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.
Additional Information
Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.
Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at
Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.
Required Experience:
Staff IC
Full-Time