Senior IT Risk Security Analyst
Salt Lake City Office
Western Governors University
Western Governors University is an online university where you can earn an affordable, accredited, career-focused college degree at an accelerated pace.
If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The Senior IT Security Analyst will work as a team member of WGU’s Governance, Risk, and Compliance (GRC) team, functioning as a senior lead to mentor more junior team members. This individual will have practical experience in cyber & IT risk management practices.
Essential Functions and Responsibilities:
Function as a lead analyst in risk analysis, third-party risk analysis, and exception to policy analysis, and support security awareness, privacy, governance and compliance, internal audit and other security efforts.
Provide expertise in two or more domains of information security.
Bring advanced knowledge and specialization to the work. Provide mentoring, training, and work assignments for less experienced security analysts.
Recommend and support the creation of tools, processes, and communications that support information security initiatives. Support and contribute to the development of security policies, standards and procedures.
Facilitate development and refinement of Information Security programs.
Develop and apply standards and procedures regarding security tools.
Participate in, and sometimes lead, tactical projects as they arise to clarify and respond to identified security risks across different technical domains.
Conduct security risk assessments related to internal systems, projects, third parties, suppliers, etc. based on industry-accepted best practices, including but not limited to NIST and similar frameworks.
Conduct Open-Source Intelligence (OSINT) research on third parties, suppliers, and applications with regard to the security profile of the Target of Evaluation (ToE).
Work with engineers, architects, and other security professionals to understand the risk of a system, project, third party, supplier, or application and recommend security controls to mitigate known risks.
Work with IT and business unit management to assure third parties, applications, and suppliers are aligned with the university’s security requirements.
Provide guidance and assistance to operational teams and third parties to remediate security deficiencies identified in risk assessments.
Knowledge of NIST, FERPA, GLBA, GDPR, and other regulations and frameworks as they relate to education institutions. Contribute to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
Measure, collect, and report on key information security services and risk indicators.
Act as an advocate for Information Security to help the business understand information security risks, standards, and best practices.
Participate in internal system audits and participate in external audits where appropriate.
Ability to identify internal and external trends to articulate risks.
Ability to articulate risk to management.
Incrementally improve practices where appropriate and collaborate in identifying and formulating new practices where possible.
Process service request tickets efficiently and reliably.
Perform other job-related duties as assigned.
Knowledge, Skill and Abilities:
Good oral and written communication skills with the ability to communicate with purpose, clarity, and accuracy.
Excellent analytical, problem solving, and decision-making skills.
Ability to take a solution-driven approach to problem-solving.
Ability to train and mentor other team members.
Strong understanding of GLBA, FERPA, FAFSA, and other regulatory requirements as they pertain to education institutions.
Ability to function equally well in abstract, conceptual, and architectural work as in granular technical implementation and configuration work.
Strong knowledge of risk management and/or auditing frameworks.
Subject matter expert in several security areas.
Job Qualifications:
Minimum Qualifications:
Bachelor’s degree in cyber security or related field or equivalent work experience.
Risk and information security certification (e.g., CISSP, CISM, CCSP, CISA, CTPRP).
5-8 years of relevant experience in cyber & IT risk management, security awareness, governance and compliance, privacy, and/or IT audit.
Experience with risk management best practices and frameworks.
Experience with security industry standards and best practices. Proven experience with interpretation and implementation of those standards in a corporate environment.
Experience recommending additional security requirements and safeguards.
Experience with cyber security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
Ability to work with team members in multiple locations.
Preferred Qualifications:
Additional relevant security certifications (CRISC, CISA, CISSP).
Experience with risk management and other GRC best practices and frameworks.
Experience with IT audit practices and privacy regulations.
Physical Requirements:
Prolonged periods sitting at a desk and working on a computer.
Must be able to lift up to 15 pounds at times.
Disclaimer: This Job Description has been designed to indicate the general nature, essential duties, and responsibilities of work performed by employees within this classification. It does not contain a comprehensive inventory of all duties, responsibilities, and qualifications that are required of the employee to do this job. Duties, responsibilities and activities may change at any time with or without notice. This Job Description does not constitute a contract of employment and the University may exercise its employment-at-will rights at any time.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
How to apply: apply online
Full-time Regular Positions (FT classification, standard working hours = 40)
This is a full-time, regular position that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.
The University is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Tags: Audits CCSP CISA CISM CISSP Compliance CRISC GDPR GLBA Governance NIST OSINT Privacy Risk analysis Risk assessment Risk management
Perks/benefits: Career development Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Team events