If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
Grade: Technical 407
Pay Range: $105,600.00 - $158,400.00
Job Description
Impact at WGU
As an IT Security Risk Analyst II, you will play a critical role in protecting WGU's students, data, and mission by ensuring third parties and suppliers meet the university's security and risk management standards. This is a hands-on, experienced role where you will own vendor risk assessments end to end, contribute to broader enterprise risk initiatives, and help mature WGU's third-party risk management program through strong judgment, clear communication, and continuous improvement.
What You'll Do
*
Own and execute third-party and supplier risk assessments using NIST 800-171 and similar frameworks
*
Independently scope assessments by identifying data flows, CUI exposure, inherent risk, and assessment approach
*
Validate vendor controls and trace conclusions from inherent risk through residual risk with defensible rationale
*
Review and analyze vendor evidence such as SOC 2 Type II reports, ISO 27001 certifications, SIG responses, and penetration test summaries
*
Evaluate security controls across infrastructure, applications, and cloud environments including AWS and Azure, clearly identifying gaps
*
Assess vendor criticality and business impact, including breach and termination scenarios
*
Conduct OSINT research to inform third-party security posture and risk profile
*
Deliver clear, actionable risk assessment reports, including executive summaries for leadership
*
Partner with business units to translate technical risk into business impact and guide remediation efforts
*
Contribute to internal risk assessments, exception-to-policy evaluations, and enterprise risk discussions
*
Identify process gaps and propose practical improvements, including AI-driven efficiencies to enhance assessment quality and speed
What You'll Bring
*
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field
*
3 or more years of experience in IT security or risk management with direct third-party or vendor risk assessment ownership
*
Demonstrated ability to independently deliver end-to-end risk assessments on schedule
*
Broad understanding of information security risk beyond TPRM, including internal systems,... For full info follow application link.
Western Governors Univeristy is an equal
opportunity employer and does not discriminate on the basis of race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
