IT Security Risk Analyst II
Salt Lake, UT - USA
Job Summary
If you're passionate about building a better future for individuals, communities, and our country, and you're committed to working hard to play your part in building that future, consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
Job Description
Impact at WGU
As an IT Security Risk Analyst II, you will play a critical role in protecting WGU's students, data, and mission by ensuring third parties and suppliers meet the university's security and risk management standards. This is a hands-on, experienced role where you will own vendor risk assessments end to end, contribute to broader enterprise risk initiatives, and help mature WGU's third-party risk management program through strong judgment, clear communication, and continuous improvement.
What You'll Do
Own and execute third-party and supplier risk assessments using NIST 800-171 and similar frameworks
Independently scope assessments by identifying data flows, CUI exposure, inherent risk, and assessment approach
Validate vendor controls and trace conclusions from inherent risk through residual risk with defensible rationale
Review and analyze vendor evidence such as SOC 2 Type II reports, ISO 27001 certifications, SIG responses, and penetration test summaries
Evaluate security controls across infrastructure, applications, and cloud environments, including AWS and Azure, clearly identifying gaps
Assess vendor criticality and business impact, including breach and termination scenarios
Conduct OSINT research to inform third-party security posture and risk profile
Deliver clear, actionable risk assessment reports, including executive summaries for leadership
Partner with business units to translate technical risk into business impact and guide remediation efforts
Contribute to internal risk assessments, exception-to-policy evaluations, and enterprise risk discussions
Identify process gaps and propose practical improvements, including AI-driven efficiencies, to enhance assessment quality and speed
What You'll Bring
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field
3 or more years of experience in IT security or risk management, with direct third-party or vendor risk assessment ownership
Demonstrated ability to independently deliver end-to-end risk assessments on schedule
Broad understanding of information security risk beyond TPRM, including internal systems, projects, and policy exceptions
Hands-on experience evaluating SOC 2, ISO certifications, SIG questionnaires, and penetration test results
Practical knowledge of cloud environments and associated security controls
Strong risk judgment with the ability to weigh evidence and make defensible determinations
Clear written and verbal communication skills, able to articulate risk to technical and non-technical audiences
Accountability for quality, accuracy, and timelines without constant oversight
Bonus Points
Certifications such as CRISC, CISA, CISM, CISSP, or cloud security credentials
Experience in higher education or financial services environments
Experience with TPRM programs aligned to NIST 800-171 or CMMC
Knowledge of FERPA and GLBA as applied to third-party data sharing and sensitive data protection
What to Expect
At WGU, our mission drives everything we do, including how we hire. Our interview experience is designed to give qualified candidates the opportunity to show their best work through meaningful conversations and collaboration.
We thoughtfully review every application and invite forward the candidates whose experience and potential best align with the role and our mission.
Interview Steps
Introductory call
Hiring leader interview
Director interview
Work Location
This is a full-time, in-office position at WGU's office in Salt Lake City, Utah.
Visa Sponsorship
While we welcome applicants from all backgrounds, WGU is not able to provide visa sponsorship for this role.
As an equal opportunity employer, we recognize our strength lies in our people and are committed to creating an inclusive environment where all can thrive.
Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth, and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness, and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.
How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.
Additional Information
Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.
Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at
Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.
Required Experience:
IC