Risk Assessment Analyst II
Western Governors University
If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The current information security landscape is technically complex and constantly changing. The IT Security Analyst II uses their knowledge of current security methods and standards to gather operational information and assess and analyze tools, systems, and processes in defense of applications, systems, and networks and collaborate with Infrastructure and business teams.
About the Role:
The Risk Assessment Analyst II will work as a team member of WGU’s Risk Management Team. This individual will have practical experience in cyber & IT risk management practices, specifically as it relates to information security. The analyst will conduct internal, third-party, and supplier risk assessments and provide control recommendations and oversee control implementation.
Essential Functions and Responsibilities:
- Function as a lead analyst in one or more efforts to assist with risk analysis, third-party risk, exception to policy analysis and other security efforts.
- Recommend and support the creation of tools, processes, and communications that support information security initiatives. Participate in the development of security policies, standards and procedures.
- Develop and apply standards and procedures regarding security tools.
- Participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.
- Conduct security risk assessments related to internal systems, projects, third-parties, suppliers, etc. based on industry-accepted best practices, including but not limited to NIST and similar frameworks.
- Conduct Open-Source Intelligence (OSINT) research on third-parties, suppliers, and applications with regard to the security profile of the Target of Evaluation (ToE).
- Review Exception to Policy requests.
- Work with engineers, architects, and other security professionals to understand risk of a system, project, third-party, supplier, or application and recommend security controls to mitigate known risks.
- Work with IT and business unit management to assure third-parties, applications, and suppliers are aligned with the university’s security requirements.
- Provide guidance and assistance to operational teams and third-parties to remediate security deficiencies identified in risk assessments.
- Knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contribute to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
- Measure, collect, and report on key information security services and risk indicators.
- Identify process gaps; recommend and support process improvement.
- Act as an advocate for Information Security to help the business understand information security risks, standards, and best practices as they relate to third parties and products.
- Ability to identify internal and external trends to identify risks.
- Ability to articulate risk to management.
What you'll need or Minimum qualification:
- Bachelor’s Degree in related field and 2 years of relevant work experience or 4-5 years minimum of Information Security experience.
- Experience with security industry standards and best practices. Proven experience with interpretation and implementation of those standards in a corporate environment.
- Experience recommending additional security requirements and safeguards.
- Experience with cyber-security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
- Knowledge of risk management best practices and frameworks.
- Strong analytical and problem-solving skills.
- Good written and oral communication skills.
- Solution-driven approach to problems.
- Detail oriented and result driven.
Nice to have:
- Industry certification (e.g., CISSP, CISM, CRISC, CISA).
Location: Guadalajara
This role is currently remote within México; the position will shift to a hybrid model once our Guadalajara office opens.
- As an equal opportunity employer, we recognize our strength lies in our people and commit to creating an inclusive environment where all can thrive, regardless of race, age, gender orientation, sexual orientation, religion, or disability.
- Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements, and working conditions for the position. It is intended to be an accurate reflection of the current position; however, management reserves the right to revise or change as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.
- This role includes participation in a rotating on-call schedule shared among team members to ensure support coverage outside regular hours. Rotation may be required depending on team needs. We value the “you build it, you own it” principle — on-call participation reflects our commitment to ownership, accountability, and reliability.
- Learn more about our WGU Mexico Team by clicking here.