If you're passionate about building a better future for individuals, communities, and our country, and you're committed to working hard to play your part in building that future, consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is :
Grade : Technical 410
Pay Range : $140,200.00 - $217,200.00
Job Description
Job Summary
The Senior Staff IT Security Auditor (one level under Principal-level) serves as an experienced security professional and trusted advisor to internal business units and IT departments. This role requires strong internal audit expertise, excellent client relationship skills, and the ability to mentor junior team members while independently managing complex audit engagements. The position reports to the Senior Manager of Information Security and plays a key role in executing the annual audit plan.
Key Responsibilities
Audit Planning & Execution
- Audit Planning Contribution : Actively participate in annual audit planning, providing risk insights and recommendations for audit scope and priorities
- Engagement Scoping : Improve detailed audit programs and testing procedures for assigned audits, determining appropriate scope and resource needs
- Multi-Engagement Management : Simultaneously manage 2-3 audit engagements while mentoring junior staff assigned to projects
- Methodology Enhancement : Recommend improvements to audit procedures and contribute to methodology development
Internal Client Advisory
- Department-Level Advisory : Serve as a trusted security advisor to department heads, IT managers, and business unit leaders
- Risk Consultation : Help internal clients understand security risks and develop practical mitigation strategies
- Relationship Management : Build strong, collaborative relationships with audit clients to facilitate open communication and effective remediation
- Control Design Support : Advise on control design and implementation to prevent issues before they occur
Technical Assessment & Testing
- Advanced Testing : Conduct sophisticated technical assessments, including configuration reviews, penetration test validation, and control effectiveness testing
- Root Cause Analysis : Identify underlying causes of control failures and systemic issues across the organization
- Cross-Functional Reviews : Lead audits spanning multiple departments and technology platforms
- Emerging Technology : Assess security controls in cloud environments, DevOps pipelines, and modern application architectures
- Data Analytics : Use data analysis tools to identify anomalies and test large populations of transactions
Communication & Reporting
- Management Presentations : Present audit findings and recommendations to the director and VP-level management with confidence and clarity
- Risk Communication : Translate technical vulnerabilities into business risks that resonate with non-technical stakeholders
- Report Writing : Produce clear, concise audit reports that drive action and provide practical recommendations
- Issue Negotiation : Navigate disagreements on findings and ratings through collaborative discussion and evidence-based arguments
- Status Reporting : Provide regular updates to the Senior Lead Auditor on engagement progress and emerging risks
Compliance & Risk Management
- Framework Application : Apply multiple regulatory frameworks (NIST, GLBA, FERPA, ISO 27001, SOC 2) to audit engagements
- Risk Assessment : Conduct risk assessments for assigned business areas and contribute to enterprise risk discussions
- Control Mapping : Map controls across multiple compliance requirements to identify gaps and redundancies
- Regulatory Updates : Stay current with changing regulations affecting assigned audit areas
Process Improvement
- Audit Efficiency : Identify opportunities to streamline audit processes through automation or improved procedures
- Tool Implementation : Evaluate and implement new audit tools and technologies
- Best Practice Research : Research industry best practices and incorporate them into the audit approach
- Continuous Monitoring : Contribute to the development of continuous monitoring capabilities
Minimum Qualifications
Education & Experience
- Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field
- 7 years of professional experience in IT security, with at least 4 years focused on internal security auditing
- Demonstrated experience serving as lead auditor on complex engagements
- Proven track record of building strong client relationships and influencing positive security changes
Core Competencies
- Internal Audit Expertise : Deep understanding of internal audit standards, methodologies, and best practices
- Client Management : Excellent interpersonal skills with the ability to build trust and manage challenging conversations
- Technical Proficiency : Strong technical knowledge across infrastructure, applications, and cloud environments
- Risk Assessment : Ability to identify, evaluate, and prioritize risks based on business impact
- Project Management : Skills to manage multiple engagements and meet deadlines consistently
Technical Requirements
- Audit Tools : Proficiency with audit management software, data analytics tools, and automated testing solutions
- Security Technologies : Working knowledge of security controls, including IAM, encryption, logging, and monitoring
- Compliance Frameworks : Understanding of major frameworks (NIST CSF, ISO 27001, COBIT, SOC 2)
- Cloud Platforms : Familiarity with AWS or Azure, security controls and assessment techniques
Preferred Qualifications
Certifications
- Professional Certifications : CISA, CISM, CISSP, or CIA
- Cloud Certifications : AWS Security, Azure Security, or equivalent
- Specialized Certifications : CRISC, CGEIT, or relevant industry certifications
Advanced Experience
- Consulting Background : Experience in Big 4 or internal audit consulting
- Industry Knowledge : Experience in higher education or financial services
- Specialized Audits : Background in application security reviews, cloud audits, or data privacy assessments
- 15 years of Information Security experience, including an understanding of all security domains
Specific Responsibilities
Annual Planning Support
- Participate in annual risk assessment workshops
- Provide input on audit universe and risk rankings
- Recommend audit scope and timing based on client knowledge
- Assist in resource planning and scheduling
- Contribute to audit plan presentation materials
Client Relationship Management
- Maintain regular touchpoints with key client contacts
- Proactively identify emerging risks in assigned areas
- Facilitate audit planning meetings with clients
- Manage remediation follow-up activities
- Build network of contacts across the organization
Quality Assurance
- Ensure compliance with internal audit standards
- Maintain comprehensive audit documentation
- Participate in peer reviews
- Contribute to quality improvement initiatives
- Support external quality assessments
Higher Education Specific Requirements
- Understanding of FERPA, GLBA compliance requirements
- Familiarity with student information systems
- Knowledge of research compliance and data security
- Experience with Federal Tax Information (FTI) requirements
- Understanding of Controlled Unclassified Information (CUI) handling
- Awareness of unique higher education IT environment challenges
Work Environment
- Location : Salt Lake City, Utah (In office 4 days per week)
- Work Schedule : Standard business hours with flexibility for project deadlines
Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours) : This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.
How to Apply : If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.
Additional Information
Disclaimer : The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.
Accommodations : Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.
Equal Employment Opportunity : All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.