IT Security Risk Analyst II

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:Grade: Technical 407Pay Range: $105,600.00 - $158,400.00Job DescriptionImpact at WGUAs an IT Security Risk Analyst II, you will play a critical role in protecting WGU’s students, data, and mission by ensuring third parties and suppliers meet the university’s security and risk management standards. This is a hands-on, experienced role where you will own vendor risk assessments end to end, contribute to broader enterprise risk initiatives, and help mature WGU’s third-party risk management program through strong judgment, clear communication, and continuous improvement.What You’ll DoOwn and execute third-party and supplier risk assessments using NIST 800-171 and similar frameworksIndependently scope assessments by identifying data flows, CUI exposure, inherent risk, and assessment approachValidate vendor controls and trace conclusions from inherent risk through residual risk with defensible rationaleReview and analyze vendor evidence such as SOC 2 Type II reports, ISO 27001 certifications, SIG responses, and penetration test summariesEvaluate security controls across infrastructure, applications, and cloud environments including AWS and Azure, clearly identifying gapsAssess vendor criticality and business impact, including breach and termination scenariosConduct OSINT research to inform third-party security posture and risk profileDeliver clear, actionable risk assessment reports, including executive summaries for leadershipPartner with business units to translate technical risk into business impact and guide remediation effortsContribute to internal risk assessments, exception-to-policy evaluations, and enterprise risk discussionsIdentify process gaps and propose practical improvements, including AI-driven efficiencies to enhance assessment quality and speedWhat You’ll BringBachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field3 or more years of experience in IT security or risk management with direct third-party or vendor risk assessment ownershipDemonstrated ability to independently deliver end-to-end risk assessments on scheduleBroad understanding of information security risk beyond TPRM, including internal systems, projects, and policy exceptionsHands-on experience evaluating SOC 2, ISO certifications, SIG questionnaires, and penetration test resultsPractical knowledge of cloud environments and associated security controlsStrong risk judgment with the ability to weigh evidence and make defensible determinationsClear written and verbal communication skills, able to articulate risk to technical and non-technical audiencesAccountability for quality, accuracy, and timelines without constant oversightBonus PointsCertifications such as CRISC, CISA, CISM, CISSP, or cloud security credentialsExperience in higher education or financial services environmentsExperience with TPRM programs aligned to NIST 800-171 or CMMCKnowledge of FERPA and GLBA as applied to third-party data sharing and sensitive data protectionWhat to ExpectAt WGU, our mission drives everything we do, including how we hire. Our interview experience is designed to give qualified candidates the opportunity to show their best work through meaningful conversations and collaboration.We thoughtfully review every application and invite forward the candidates whose experience and potential best align with the role and our mission.Interview StepsIntroductory callHiring leader interviewDirector interviewWork LocationThis is a full-time, in-office position at WGU’s office in Salt Lake City, Utah.Visa SponsorshipWhile we welcome applicants from all backgrounds, WGU is not able to provide visa sponsorship for this role.As an equal opportunity employer, we recognize our strength lies in our people and are committed to creating an inclusive environment where all can thrive.Position & Application DetailsFull-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.Additional InformationDisclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.